WIP - Return PE_WAIT msg & timer (#1506)

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm

@@ -91,6 +91,7 @@ use constant {
     PE_U2FFAILED                        => 83,
     PE_UNAUTHORIZEDPARTNER              => 84,
     PE_RENEWSESSION                     => 85,
+    PE_WAIT                             => 86,
 };
 
 # EXPORTER PARAMETERS
@@ -116,7 +117,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
   PE_RADIUSCONNECTFAILED PE_MUST_SUPPLY_OLD_PASSWORD PE_FORBIDDENIP
   PE_CAPTCHAERROR PE_CAPTCHAEMPTY PE_REGISTERFIRSTACCESS PE_REGISTERFORMEMPTY
   PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
-  PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE
+  PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT
 );
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
 

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm

@@ -8,6 +8,7 @@ package Lemonldap::NG::Portal::Main;
 use strict;
 use Mouse;
 use JSON;
+use Data::Dumper;
 
 has skinRules => ( is => 'rw' );
 
@@ -119,6 +120,7 @@ sub display {
     # 1.3 There is a message to display
     elsif ( my $info = $req->info ) {
         $self->logger->debug('Display: info detected');
+        $self->logger->debug('Hidden values -> '. Dumper( $req->{portalHiddenFormValues}));
         $skinfile       = 'info';
         %templateParams = (
             AUTH_ERROR      => $self->error,
@@ -138,6 +140,22 @@ sub display {
         );
     }
 
+    # 1.4 Brute-Force attack detected
+    elsif ( $req->{error} == PE_WAIT ) {
+        $self->logger->debug('Display: waiting before retrying authentication');
+        $self->logger->debug('Hidden values -> '. Dumper( $req->{portalHiddenFormValues}));
+        $skinfile       = 'info';
+        %templateParams = (
+            AUTH_ERROR      => $self->error,
+            AUTH_ERROR_TYPE => $req->error_type,
+            MSG             => '<span trspan="' . "PE$req->{error}" . '">">' . "PE$req->{error}" . '</span>',
+            URL             => $req->{urldc},
+            HIDDEN_INPUTS   => $self->buildHiddenForm($req),
+            ACTIVE_TIMER    => $req->data->{activeTimer},
+            FORM_METHOD     => $self->conf->{infoFormMethod},
+        );
+    }
+
     # 1.4 OpenID menu page
     elsif ($req->{error} == PE_OPENID_EMPTY
         or $req->{error} == PE_OPENID_BADID )
@@ -215,7 +233,7 @@ sub display {
         );
     }
 
-    # 2.3 Case : user authenticated but an error was returned (bas url,...)
+    # 2.3 Case : user authenticated but an error was returned (bad url,...)
     elsif (
         $req->noLoginDisplay
         or (    not $req->data->{noerror}

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm

@@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Plugins::BruteForceProtection;
 use Data::Dumper;
 use strict;
 use Mouse;
-use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);
+use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_WAIT);
 
 our $VERSION = '2.0.0';
 
@@ -49,7 +49,8 @@ sub run {
 # If Delta between the two last failed logins < 10s and more than 2 failedLogins => waiting = failedLogins * 10s
     if ( $countFailed > 2 and ( $delta < 10 ) ) {
 
-        sleep $countFailed * 10;
+        #sleep $countFailed * 10;
+        return PE_WAIT;
 
     }
 

lemonldap-ng-portal/site/htdocs/static/languages/ar.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"You're not authorized to access to this host",
 "PE85":" الموقع البعيد يطلب جلسة جديدة (ولم يتم تحميل برنامج ترقية الجلسة).\nسجل الخروج و أعد المحاولة",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"قبول",
 "accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",

lemonldap-ng-portal/site/htdocs/static/languages/de.json

@@ -85,6 +85,7 @@
 "PE83":"U2F-Überprüfung fehlgeschlagen. Versuchen Sie es erneut oder wenden Sie sich an Ihren Administrator",
 "PE84":"Sie sind nicht berechtigt, auf diesen Host zuzugreifen",
 "PE85":"Die Gegenseite fragt nach einer neueren Sitzung (und das UpgradeSession-Plugin wurde nicht geladen). Abmelden und erneut versuchen",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Akzeptieren",
 "accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",

lemonldap-ng-portal/site/htdocs/static/languages/en.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"You're not authorized to access to this host",
 "PE85":"The remote site ask for a newer session (and UpgradeSession plugin isn't loaded). Logout and retry",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",

lemonldap-ng-portal/site/htdocs/static/languages/es.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"You're not authorized to access to this host",
 "PE85":"The remote site ask for a newer session (and UpgradeSession plugin isn't loaded). Logout and retry",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",

lemonldap-ng-portal/site/htdocs/static/languages/fr.json

@@ -85,6 +85,7 @@
 "PE83":"La vérification U2F a échoué. Réessayez ou contactez votre administrateur",
 "PE84":"Vous n'êtes pas autorisé à accéder à ce site",
 "PE85":"Le site souhaite une authentification plus récente (et le plugin UpgradeSession n'est pas chargé). Déconnectez-vous et réessayez",
+"PE86":"Vous devez attendre avant de pouvoir vous ré-authentifier",
 "2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.",
 "accept":"Accepter",
 "accessDenied":"Vous n'avez pas les droits d'accès à cette application",

lemonldap-ng-portal/site/htdocs/static/languages/it.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"Non sei autorizzato ad accedere a questo host",
 "PE85":"Il sito remoto richiede una sessione più recente (e il plug-in di UpgradeSession non viene caricato). Disconnetti e riprova",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accetta",
 "accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",

lemonldap-ng-portal/site/htdocs/static/languages/nl.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"You're not authorized to access to this host",
 "PE85":"The remote site ask for a newer session (and UpgradeSession plugin isn't loaded). Logout and retry",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",

lemonldap-ng-portal/site/htdocs/static/languages/pt.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"You're not authorized to access to this host",
 "PE85":"The remote site ask for a newer session (and UpgradeSession plugin isn't loaded). Logout and retry",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",

lemonldap-ng-portal/site/htdocs/static/languages/ro.json

@@ -85,6 +85,7 @@
 "PE83":"U2F verification failed. Retry or contact your administrator",
 "PE84":"You're not authorized to access to this host",
 "PE85":"The remote site ask for a newer session (and UpgradeSession plugin isn't loaded). Logout and retry",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",

lemonldap-ng-portal/site/htdocs/static/languages/vi.json

@@ -85,6 +85,7 @@
 "PE83":"Xác minh U2F không thành công",
 "PE84":"Bạn không được phép truy cập vào máy chủ lưu trữ này",
 "PE85":"Trang web từ xa yêu cầu một phiên mới (và plugin UpgradeSession không được tải). Đăng xuất và thử lại ",
+"PE86":"You must wait before trying to authenticate again",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Chấp nhận",
 "accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",