Append all BruteForce parameters into Manager (#2646)
This commit is contained in:
parent
04747ff4e6
commit
c14b5c6219
|
@ -34,6 +34,8 @@ set to ``On``.
|
||||||
- **Allowed failed login**: Number of failed login attempts allowed before account is locked
|
- **Allowed failed login**: Number of failed login attempts allowed before account is locked
|
||||||
- **Incremental lock**: Enable/disable incremental lock times
|
- **Incremental lock**: Enable/disable incremental lock times
|
||||||
- **Incremental lock times**: List of comma separated lock time values in seconds
|
- **Incremental lock times**: List of comma separated lock time values in seconds
|
||||||
|
- **Maximum lock time**: Lock time values can not be higher than max lock time
|
||||||
|
- **Maximum age**: Delta between current and last stored failed login
|
||||||
|
|
||||||
|
|
||||||
Incremental lock time enabled
|
Incremental lock time enabled
|
||||||
|
@ -70,17 +72,8 @@ Lock time increases between each failed login attempt after allowed failed login
|
||||||
Incremental lock time disabled
|
Incremental lock time disabled
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
After allowed failed login attempts, user must
|
After allowed failed login attempts, user must wait
|
||||||
wait the lock time before trying to log in again.
|
the lock time before trying to log in again.
|
||||||
To modify delta (MaxAge) between current and last stored
|
|
||||||
failed login (300 seconds by default) edit ``lemonldap-ng.ini`` in [portal] section:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
|
||||||
|
|
||||||
[portal]
|
|
||||||
bruteForceProtectionTempo = 30
|
|
||||||
bruteForceProtectionMaxAge = 300
|
|
||||||
bruteForceProtectionMaxFailed = 3
|
|
||||||
|
|
||||||
|
|
||||||
.. attention::
|
.. attention::
|
||||||
|
|
|
@ -1078,6 +1078,8 @@ sub tree {
|
||||||
'bruteForceProtectionMaxFailed',
|
'bruteForceProtectionMaxFailed',
|
||||||
'bruteForceProtectionIncrementalTempo',
|
'bruteForceProtectionIncrementalTempo',
|
||||||
'bruteForceProtectionLockTimes',
|
'bruteForceProtectionLockTimes',
|
||||||
|
'bruteForceProtectionMaxLockTime',
|
||||||
|
'bruteForceProtectionMaxAge'
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
'lwpOpts',
|
'lwpOpts',
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"تفعيل",
|
"bruteForceProtection":"تفعيل",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"إلغاء",
|
"cancel":"إلغاء",
|
||||||
"captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
|
"captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Activation",
|
"bruteForceProtection":"Activation",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"Abbrechen",
|
"cancel":"Abbrechen",
|
||||||
"captcha_login_enabled":"Activation in login form",
|
"captcha_login_enabled":"Activation in login form",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Activation",
|
"bruteForceProtection":"Activation",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"Cancel",
|
"cancel":"Cancel",
|
||||||
"captcha_login_enabled":"Activation in login form",
|
"captcha_login_enabled":"Activation in login form",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Activación",
|
"bruteForceProtection":"Activación",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"Cancelar",
|
"cancel":"Cancelar",
|
||||||
"captcha_login_enabled":"Activación en formulario de acceso",
|
"captcha_login_enabled":"Activación en formulario de acceso",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Activation",
|
"bruteForceProtection":"Activation",
|
||||||
"bruteForceProtectionIncrementalTempo":"Verrouillage incrémentiel",
|
"bruteForceProtectionIncrementalTempo":"Verrouillage incrémentiel",
|
||||||
"bruteForceProtectionLockTimes":"Temps de verrouillage incrémentiel",
|
"bruteForceProtectionLockTimes":"Temps de verrouillage incrémentiel",
|
||||||
|
"bruteForceProtectionMaxAge":"Age maximum des échecs",
|
||||||
"bruteForceProtectionMaxFailed":"Nombre d'échecs de connexion autorisés",
|
"bruteForceProtectionMaxFailed":"Nombre d'échecs de connexion autorisés",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Temps maximum de verrouillage",
|
||||||
"bruteForceProtectionTempo":"Temps de verrouillage",
|
"bruteForceProtectionTempo":"Temps de verrouillage",
|
||||||
"cancel":"Annuler",
|
"cancel":"Annuler",
|
||||||
"captcha_login_enabled":"Activation dans le formulaire d'authentification",
|
"captcha_login_enabled":"Activation dans le formulaire d'authentification",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Attivazione",
|
"bruteForceProtection":"Attivazione",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"Cancella",
|
"cancel":"Cancella",
|
||||||
"captcha_login_enabled":"Attivazione nel modulo di login",
|
"captcha_login_enabled":"Attivazione nel modulo di login",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Aktywacja",
|
"bruteForceProtection":"Aktywacja",
|
||||||
"bruteForceProtectionIncrementalTempo":"Blokada przyrostowa",
|
"bruteForceProtectionIncrementalTempo":"Blokada przyrostowa",
|
||||||
"bruteForceProtectionLockTimes":"Przyrostowe czasy blokady",
|
"bruteForceProtectionLockTimes":"Przyrostowe czasy blokady",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Dozwolone nieudane logowania",
|
"bruteForceProtectionMaxFailed":"Dozwolone nieudane logowania",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Czas blokady",
|
"bruteForceProtectionTempo":"Czas blokady",
|
||||||
"cancel":"Anuluj",
|
"cancel":"Anuluj",
|
||||||
"captcha_login_enabled":"Aktywacja w formularzu logowania",
|
"captcha_login_enabled":"Aktywacja w formularzu logowania",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Aktivasyon",
|
"bruteForceProtection":"Aktivasyon",
|
||||||
"bruteForceProtectionIncrementalTempo":"Artan gecikme",
|
"bruteForceProtectionIncrementalTempo":"Artan gecikme",
|
||||||
"bruteForceProtectionLockTimes":"Artan gecikme zamanı",
|
"bruteForceProtectionLockTimes":"Artan gecikme zamanı",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"İzin verilen başarısız girişler",
|
"bruteForceProtectionMaxFailed":"İzin verilen başarısız girişler",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Kilit süresi",
|
"bruteForceProtectionTempo":"Kilit süresi",
|
||||||
"cancel":"İptal Et",
|
"cancel":"İptal Et",
|
||||||
"captcha_login_enabled":"Giriş formunda aktivasyon",
|
"captcha_login_enabled":"Giriş formunda aktivasyon",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"Kích hoạt",
|
"bruteForceProtection":"Kích hoạt",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"Hủy",
|
"cancel":"Hủy",
|
||||||
"captcha_login_enabled":"Kích hoạt ở dạng đăng nhập",
|
"captcha_login_enabled":"Kích hoạt ở dạng đăng nhập",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"激活",
|
"bruteForceProtection":"激活",
|
||||||
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
"bruteForceProtectionIncrementalTempo":"Incremental lock",
|
||||||
"bruteForceProtectionLockTimes":"Incremental lock times",
|
"bruteForceProtectionLockTimes":"Incremental lock times",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
"bruteForceProtectionMaxFailed":"Allowed failed logins",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"Lock time",
|
"bruteForceProtectionTempo":"Lock time",
|
||||||
"cancel":"取消",
|
"cancel":"取消",
|
||||||
"captcha_login_enabled":" 登录激活",
|
"captcha_login_enabled":" 登录激活",
|
||||||
|
|
|
@ -126,7 +126,9 @@
|
||||||
"bruteForceProtection":"啟用",
|
"bruteForceProtection":"啟用",
|
||||||
"bruteForceProtectionIncrementalTempo":"增量鎖",
|
"bruteForceProtectionIncrementalTempo":"增量鎖",
|
||||||
"bruteForceProtectionLockTimes":"增量鎖時間",
|
"bruteForceProtectionLockTimes":"增量鎖時間",
|
||||||
|
"bruteForceProtectionMaxAge":"Maximum age",
|
||||||
"bruteForceProtectionMaxFailed":"允許的失敗登入",
|
"bruteForceProtectionMaxFailed":"允許的失敗登入",
|
||||||
|
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||||
"bruteForceProtectionTempo":"鎖時間",
|
"bruteForceProtectionTempo":"鎖時間",
|
||||||
"cancel":"取消",
|
"cancel":"取消",
|
||||||
"captcha_login_enabled":"在登入表單中啟用",
|
"captcha_login_enabled":"在登入表單中啟用",
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -39,7 +39,6 @@ my @notManagedAttributes = (
|
||||||
|
|
||||||
# Plugins parameters
|
# Plugins parameters
|
||||||
'notificationsMaxRetrieve', 'persistentSessionAttributes',
|
'notificationsMaxRetrieve', 'persistentSessionAttributes',
|
||||||
'bruteForceProtectionMaxAge', 'bruteForceProtectionMaxLockTime',
|
|
||||||
|
|
||||||
# PSGI/CGI protection (must be set in lemonldap-ng.ini)
|
# PSGI/CGI protection (must be set in lemonldap-ng.ini)
|
||||||
'protection',
|
'protection',
|
||||||
|
|
|
@ -7,7 +7,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
PE_WAIT
|
PE_WAIT
|
||||||
);
|
);
|
||||||
|
|
||||||
our $VERSION = '2.0.12';
|
our $VERSION = '2.0.14';
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
|
@ -56,6 +56,7 @@ sub init {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
my $maxAge = $self->conf->{bruteForceProtectionMaxAge} || 300;
|
||||||
if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
|
if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
|
||||||
my $lockTimes = @{ $self->lockTimes } =
|
my $lockTimes = @{ $self->lockTimes } =
|
||||||
sort { $a <=> $b }
|
sort { $a <=> $b }
|
||||||
|
@ -87,14 +88,13 @@ sub init {
|
||||||
$lockTimes = $self->conf->{failedLoginNumber};
|
$lockTimes = $self->conf->{failedLoginNumber};
|
||||||
}
|
}
|
||||||
|
|
||||||
my $sum = $self->conf->{bruteForceProtectionMaxAge} *
|
my $sum =
|
||||||
( 1 + $self->conf->{failedLoginNumber} - $lockTimes );
|
$maxAge * ( 1 + $self->conf->{failedLoginNumber} - $lockTimes );
|
||||||
$sum += $_ foreach @{ $self->lockTimes };
|
$sum += $_ foreach @{ $self->lockTimes };
|
||||||
$self->maxAge($sum);
|
$self->maxAge($sum);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->maxAge( $self->conf->{bruteForceProtectionMaxAge} *
|
$self->maxAge( $maxAge * ( 1 + $self->maxFailed ) );
|
||||||
( 1 + $self->maxFailed ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user