Append BruteForceProtection (#1506)
parent
1662f471bb
commit
d4eb025de3
|
@ -20,6 +20,8 @@ sub defaultValues {
|
|||
'available2F' => 'UTOTP,TOTP,U2F,REST,Ext2F,Yubikey',
|
||||
'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
|
||||
'bruteForceProtection' => 1,
|
||||
'bruteForceProtectionMaxAge' => 300,
|
||||
'bruteForceProtectionTempo' => 30,
|
||||
'captcha_mail_enabled' => 1,
|
||||
'captcha_register_enabled' => 1,
|
||||
'captcha_size' => 6,
|
||||
|
|
|
@ -611,6 +611,14 @@ sub attributes {
|
|||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'bruteForceProtectionMaxAge' => {
|
||||
'default' => 300,
|
||||
'type' => 'int'
|
||||
},
|
||||
'bruteForceProtectionTempo' => {
|
||||
'default' => 30,
|
||||
'type' => 'int'
|
||||
},
|
||||
'captcha_login_enabled' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
|
|
File diff suppressed because it is too large
1154
lemonldap-ng-manager/site/htdocs/static/js/conftree.js
Normal file
1154
lemonldap-ng-manager/site/htdocs/static/js/conftree.js
Normal file
File diff suppressed because it is too large
|
@ -23,6 +23,9 @@ my @notManagedAttributes = (
|
|||
# Second factor engine and lists of 2F modules
|
||||
'sfEngine', 'available2FSelfRegistration', 'available2F',
|
||||
|
||||
# Brute forece attack protection parameters
|
||||
'bruteForceProtectionMaxAge', 'bruteForceProtectionTempo',
|
||||
|
||||
# Metadatas (added by manager itself)
|
||||
'cfgAuthor', 'cfgAuthorIP', 'cfgNum', 'cfgDate', 'cfgLog', 'cfgVersion',
|
||||
|
||||
|
|
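Review bot: The comment added above the two new entries in `@notManagedAttributes` misspells "force"; it should read `# Brute force attack protection parameters`. Listing `bruteForceProtectionMaxAge` and `bruteForceProtectionTempo` here presumably means they are not exposed in the Manager tree, so a short comment saying where an administrator is expected to set them would help whoever tunes the lockout window. The array starts in the hunk header and continues past the end of the hunk.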
|
@ -19,6 +19,7 @@ sub init {1}
|
|||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
my $MaxAge = 0;
|
||||
my $countFailed = 0;
|
||||
my @lastFailedLoginEpoch = ();
|
||||
|
||||
|
@ -27,7 +28,7 @@ sub run {
|
|||
$countFailed = @{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
|
||||
}
|
||||
|
||||
$self->logger->debug( " Number of failedLogin = $countFailed" );
|
||||
$self->logger->debug(" Number of failedLogin = $countFailed");
|
||||
return PE_OK if ( $countFailed < 3 );
|
||||
|
||||
foreach ( 0 .. 2 ) {
|
||||
|
@ -39,19 +40,20 @@ sub run {
|
|||
}
|
||||
}
|
||||
|
||||
# If Auth_N-2 older than 5 minutes -> another try allowed
|
||||
# If Auth_N-2 older than MaxAge -> another try allowed
|
||||
$MaxAge = $lastFailedLoginEpoch[0] - $lastFailedLoginEpoch[2];
|
||||
$self->logger->debug( " MaxAge = $MaxAge" );
|
||||
return PE_OK
|
||||
if ( ( $lastFailedLoginEpoch[0] - $lastFailedLoginEpoch[2] ) > 300 );
|
||||
if ( $MaxAge > $self->conf->{bruteForceProtectionMaxAge} );
|
||||
|
||||
# Delta between the two last failed logins -> Auth_N - Auth_N-1
|
||||
my $delta = time - $lastFailedLoginEpoch[1];
|
||||
|
||||
$self->logger->debug( " Local time = " . time );
|
||||
$self->logger->debug(" Delta time - lastFailedLoginN-1 = $delta");
|
||||
$self->logger->debug(" Delta = $delta");
|
||||
|
||||
# Delta between the two last failed logins < 30s => wait
|
||||
return PE_OK unless ( $delta < 31 );
|
||||
|
||||
return PE_OK
|
||||
unless ( $delta <= $self->conf->{bruteForceProtectionTempo} );
|
||||
|
||||
# Account locked
|
||||
shift @{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
|
||||
return PE_WAIT;
|
||||
|
|
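Review bot: The two new comparisons in `run` fail open when a configured limit is missing, zero or non-numeric: `$MaxAge > $self->conf->{bruteForceProtectionMaxAge}` is then true for any failures more than zero seconds apart, and `$delta <= $self->conf->{bruteForceProtectionTempo}` is almost never true, so `PE_WAIT` is not returned and the protection is silently off. The defaults of 300 and 30 added elsewhere in this commit cover the normal case, but `init` is still `sub init {1}` and nothing visible here checks the values that were actually loaded. I would read both once at the top of `run` with a fallback, e.g. `my $maxAge = $self->conf->{bruteForceProtectionMaxAge} || 300;` and `my $tempo = $self->conf->{bruteForceProtectionTempo} || 30;`, or reject non-positive values in `init` and log an error. The failure threshold stays hard-coded (`$countFailed < 3`, `foreach ( 0 .. 2 )`) while the time windows became configurable, and `$MaxAge` holds the gap between `$lastFailedLoginEpoch[0]` and `$lastFailedLoginEpoch[2]` rather than a maximum age, so a name such as `$failureSpan` would read better next to `$countFailed` and `$delta`. Parts of `run` lie outside the hunks shown.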