Inspection of "Mark IP as whitelisted if brute force protection i..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#4630)

by Lukas

created 2017-05-01 18:36 UTC

Status

Indentation +207 added lines, -207 removed lines patch added patch discarded remove patch

@@ -43,211 +43,211 @@
 block discarded – undo
  * @package OC\Security\Bruteforce
  */
 class Throttler {
-	const LOGIN_ACTION = 'login';
-
-	/** @var IDBConnection */
-	private $db;
-	/** @var ITimeFactory */
-	private $timeFactory;
-	/** @var ILogger */
-	private $logger;
-	/** @var IConfig */
-	private $config;
-
-	/**
-	 * @param IDBConnection $db
-	 * @param ITimeFactory $timeFactory
-	 * @param ILogger $logger
-	 * @param IConfig $config
-	 */
-	public function __construct(IDBConnection $db,
-								ITimeFactory $timeFactory,
-								ILogger $logger,
-								IConfig $config) {
-		$this->db = $db;
-		$this->timeFactory = $timeFactory;
-		$this->logger = $logger;
-		$this->config = $config;
-	}
-
-	/**
-	 * Convert a number of seconds into the appropriate DateInterval
-	 *
-	 * @param int $expire
-	 * @return \DateInterval
-	 */
-	private function getCutoff($expire) {
-		$d1 = new \DateTime();
-		$d2 = clone $d1;
-		$d2->sub(new \DateInterval('PT' . $expire . 'S'));
-		return $d2->diff($d1);
-	}
-
-	/**
-	 * Register a failed attempt to bruteforce a security control
-	 *
-	 * @param string $action
-	 * @param string $ip
-	 * @param array $metadata Optional metadata logged to the database
-	 */
-	public function registerAttempt($action,
-									$ip,
-									array $metadata = []) {
-		// No need to log if the bruteforce protection is disabled
-		if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
-			return;
-		}
-
-		$ipAddress = new IpAddress($ip);
-		$values = [
-			'action' => $action,
-			'occurred' => $this->timeFactory->getTime(),
-			'ip' => (string)$ipAddress,
-			'subnet' => $ipAddress->getSubnet(),
-			'metadata' => json_encode($metadata),
-		];
-
-		$this->logger->notice(
-			sprintf(
-				'Bruteforce attempt from "%s" detected for action "%s".',
-				$ip,
-				$action
-			),
-			[
-				'app' => 'core',
-			]
-		);
-
-		$qb = $this->db->getQueryBuilder();
-		$qb->insert('bruteforce_attempts');
-		foreach($values as $column => $value) {
-			$qb->setValue($column, $qb->createNamedParameter($value));
-		}
-		$qb->execute();
-	}
-
-	/**
-	 * Check if the IP is whitelisted
-	 *
-	 * @param string $ip
-	 * @return bool
-	 */
-	private function isIPWhitelisted($ip) {
-		if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
-			return true;
-		}
-
-		$keys = $this->config->getAppKeys('bruteForce');
-		$keys = array_filter($keys, function($key) {
-			$regex = '/^whitelist_/S';
-			return preg_match($regex, $key) === 1;
-		});
-
-		if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
-			$type = 4;
-		} else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
-			$type = 6;
-		} else {
-			return false;
-		}
-
-		$ip = inet_pton($ip);
-
-		foreach ($keys as $key) {
-			$cidr = $this->config->getAppValue('bruteForce', $key, null);
-
-			$cx = explode('/', $cidr);
-			$addr = $cx[0];
-			$mask = (int)$cx[1];
-
-			// Do not compare ipv4 to ipv6
-			if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ||
-				($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
-				continue;
-			}
-
-			$addr = inet_pton($addr);
-
-			$valid = true;
-			for($i = 0; $i < $mask; $i++) {
-				$part = ord($addr[(int)($i/8)]);
-				$orig = ord($ip[(int)($i/8)]);
-
-				$part = $part & (15 << (1 - ($i % 2)));
-				$orig = $orig & (15 << (1 - ($i % 2)));
-
-				if ($part !== $orig) {
-					$valid = false;
-					break;
-				}
-			}
-
-			if ($valid === true) {
-				return true;
-			}
-		}
-
-		return false;
-
-	}
-
-	/**
-	 * Get the throttling delay (in milliseconds)
-	 *
-	 * @param string $ip
-	 * @param string $action optionally filter by action
-	 * @return int
-	 */
-	public function getDelay($ip, $action = '') {
-		$ipAddress = new IpAddress($ip);
-		if ($this->isIPWhitelisted((string)$ipAddress)) {
-			return 0;
-		}
-
-		$cutoffTime = (new \DateTime())
-			->sub($this->getCutoff(43200))
-			->getTimestamp();
-
-		$qb = $this->db->getQueryBuilder();
-		$qb->select('*')
-			->from('bruteforce_attempts')
-			->where($qb->expr()->gt('occurred', $qb->createNamedParameter($cutoffTime)))
-			->andWhere($qb->expr()->eq('subnet', $qb->createNamedParameter($ipAddress->getSubnet())));
-
-		if ($action !== '') {
-			$qb->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)));
-		}
-
-		$attempts = count($qb->execute()->fetchAll());
-
-		if ($attempts === 0) {
-			return 0;
-		}
-
-		$maxDelay = 30;
-		$firstDelay = 0.1;
-		if ($attempts > (8 * PHP_INT_SIZE - 1))  {
-			// Don't ever overflow. Just assume the maxDelay time:s
-			$firstDelay = $maxDelay;
-		} else {
-			$firstDelay *= pow(2, $attempts);
-			if ($firstDelay > $maxDelay) {
-				$firstDelay = $maxDelay;
-			}
-		}
-		return (int) \ceil($firstDelay * 1000);
-	}
-
-	/**
-	 * Will sleep for the defined amount of time
-	 *
-	 * @param string $ip
-	 * @param string $action optionally filter by action
-	 * @return int the time spent sleeping
-	 */
-	public function sleepDelay($ip, $action = '') {
-		$delay = $this->getDelay($ip, $action);
-		usleep($delay * 1000);
-		return $delay;
-	}
+    const LOGIN_ACTION = 'login';
+
+    /** @var IDBConnection */
+    private $db;
+    /** @var ITimeFactory */
+    private $timeFactory;
+    /** @var ILogger */
+    private $logger;
+    /** @var IConfig */
+    private $config;
+
+    /**
+     * @param IDBConnection $db
+     * @param ITimeFactory $timeFactory
+     * @param ILogger $logger
+     * @param IConfig $config
+     */
+    public function __construct(IDBConnection $db,
+                                ITimeFactory $timeFactory,
+                                ILogger $logger,
+                                IConfig $config) {
+        $this->db = $db;
+        $this->timeFactory = $timeFactory;
+        $this->logger = $logger;
+        $this->config = $config;
+    }
+
+    /**
+     * Convert a number of seconds into the appropriate DateInterval
+     *
+     * @param int $expire
+     * @return \DateInterval
+     */
+    private function getCutoff($expire) {
+        $d1 = new \DateTime();
+        $d2 = clone $d1;
+        $d2->sub(new \DateInterval('PT' . $expire . 'S'));
+        return $d2->diff($d1);
+    }
+
+    /**
+     * Register a failed attempt to bruteforce a security control
+     *
+     * @param string $action
+     * @param string $ip
+     * @param array $metadata Optional metadata logged to the database
+     */
+    public function registerAttempt($action,
+                                    $ip,
+                                    array $metadata = []) {
+        // No need to log if the bruteforce protection is disabled
+        if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
+            return;
+        }
+
+        $ipAddress = new IpAddress($ip);
+        $values = [
+            'action' => $action,
+            'occurred' => $this->timeFactory->getTime(),
+            'ip' => (string)$ipAddress,
+            'subnet' => $ipAddress->getSubnet(),
+            'metadata' => json_encode($metadata),
+        ];
+
+        $this->logger->notice(
+            sprintf(
+                'Bruteforce attempt from "%s" detected for action "%s".',
+                $ip,
+                $action
+            ),
+            [
+                'app' => 'core',
+            ]
+        );
+
+        $qb = $this->db->getQueryBuilder();
+        $qb->insert('bruteforce_attempts');
+        foreach($values as $column => $value) {
+            $qb->setValue($column, $qb->createNamedParameter($value));
+        }
+        $qb->execute();
+    }
+
+    /**
+     * Check if the IP is whitelisted
+     *
+     * @param string $ip
+     * @return bool
+     */
+    private function isIPWhitelisted($ip) {
+        if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
+            return true;
+        }
+
+        $keys = $this->config->getAppKeys('bruteForce');
+        $keys = array_filter($keys, function($key) {
+            $regex = '/^whitelist_/S';
+            return preg_match($regex, $key) === 1;
+        });
+
+        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+            $type = 4;
+        } else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+            $type = 6;
+        } else {
+            return false;
+        }
+
+        $ip = inet_pton($ip);
+
+        foreach ($keys as $key) {
+            $cidr = $this->config->getAppValue('bruteForce', $key, null);
+
+            $cx = explode('/', $cidr);
+            $addr = $cx[0];
+            $mask = (int)$cx[1];
+
+            // Do not compare ipv4 to ipv6
+            if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ||
+                ($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
+                continue;
+            }
+
+            $addr = inet_pton($addr);
+
+            $valid = true;
+            for($i = 0; $i < $mask; $i++) {
+                $part = ord($addr[(int)($i/8)]);
+                $orig = ord($ip[(int)($i/8)]);
+
+                $part = $part & (15 << (1 - ($i % 2)));
+                $orig = $orig & (15 << (1 - ($i % 2)));
+
+                if ($part !== $orig) {
+                    $valid = false;
+                    break;
+                }
+            }
+
+            if ($valid === true) {
+                return true;
+            }
+        }
+
+        return false;
+
+    }
+
+    /**
+     * Get the throttling delay (in milliseconds)
+     *
+     * @param string $ip
+     * @param string $action optionally filter by action
+     * @return int
+     */
+    public function getDelay($ip, $action = '') {
+        $ipAddress = new IpAddress($ip);
+        if ($this->isIPWhitelisted((string)$ipAddress)) {
+            return 0;
+        }
+
+        $cutoffTime = (new \DateTime())
+            ->sub($this->getCutoff(43200))
+            ->getTimestamp();
+
+        $qb = $this->db->getQueryBuilder();
+        $qb->select('*')
+            ->from('bruteforce_attempts')
+            ->where($qb->expr()->gt('occurred', $qb->createNamedParameter($cutoffTime)))
+            ->andWhere($qb->expr()->eq('subnet', $qb->createNamedParameter($ipAddress->getSubnet())));
+
+        if ($action !== '') {
+            $qb->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)));
+        }
+
+        $attempts = count($qb->execute()->fetchAll());
+
+        if ($attempts === 0) {
+            return 0;
+        }
+
+        $maxDelay = 30;
+        $firstDelay = 0.1;
+        if ($attempts > (8 * PHP_INT_SIZE - 1))  {
+            // Don't ever overflow. Just assume the maxDelay time:s
+            $firstDelay = $maxDelay;
+        } else {
+            $firstDelay *= pow(2, $attempts);
+            if ($firstDelay > $maxDelay) {
+                $firstDelay = $maxDelay;
+            }
+        }
+        return (int) \ceil($firstDelay * 1000);
+    }
+
+    /**
+     * Will sleep for the defined amount of time
+     *
+     * @param string $ip
+     * @param string $action optionally filter by action
+     * @return int the time spent sleeping
+     */
+    public function sleepDelay($ip, $action = '') {
+        $delay = $this->getDelay($ip, $action);
+        usleep($delay * 1000);
+        return $delay;
+    }
 }

Please login to merge, or discard this patch.

		@@ -43,211 +43,211 @@
		block discarded – undo
43	43	* @package OC\Security\Bruteforce
44	44	*/
45	45	class Throttler {
46		- const LOGIN_ACTION = 'login';
47		-
48		- /** @var IDBConnection */
49		- private $db;
50		- /** @var ITimeFactory */
51		- private $timeFactory;
52		- /** @var ILogger */
53		- private $logger;
54		- /** @var IConfig */
55		- private $config;
56		-
57		- /**
58		- * @param IDBConnection $db
59		- * @param ITimeFactory $timeFactory
60		- * @param ILogger $logger
61		- * @param IConfig $config
62		- */
63		- public function __construct(IDBConnection $db,
64		- ITimeFactory $timeFactory,
65		- ILogger $logger,
66		- IConfig $config) {
67		- $this->db = $db;
68		- $this->timeFactory = $timeFactory;
69		- $this->logger = $logger;
70		- $this->config = $config;
71		- }
72		-
73		- /**
74		- * Convert a number of seconds into the appropriate DateInterval
75		- *
76		- * @param int $expire
77		- * @return \DateInterval
78		- */
79		- private function getCutoff($expire) {
80		- $d1 = new \DateTime();
81		- $d2 = clone $d1;
82		- $d2->sub(new \DateInterval('PT' . $expire . 'S'));
83		- return $d2->diff($d1);
84		- }
85		-
86		- /**
87		- * Register a failed attempt to bruteforce a security control
88		- *
89		- * @param string $action
90		- * @param string $ip
91		- * @param array $metadata Optional metadata logged to the database
92		- */
93		- public function registerAttempt($action,
94		- $ip,
95		- array $metadata = []) {
96		- // No need to log if the bruteforce protection is disabled
97		- if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
98		- return;
99		- }
100		-
101		- $ipAddress = new IpAddress($ip);
102		- $values = [
103		- 'action' => $action,
104		- 'occurred' => $this->timeFactory->getTime(),
105		- 'ip' => (string)$ipAddress,
106		- 'subnet' => $ipAddress->getSubnet(),
107		- 'metadata' => json_encode($metadata),
108		- ];
109		-
110		- $this->logger->notice(
111		- sprintf(
112		- 'Bruteforce attempt from "%s" detected for action "%s".',
113		- $ip,
114		- $action
115		- ),
116		- [
117		- 'app' => 'core',
118		- ]
119		- );
120		-
121		- $qb = $this->db->getQueryBuilder();
122		- $qb->insert('bruteforce_attempts');
123		- foreach($values as $column => $value) {
124		- $qb->setValue($column, $qb->createNamedParameter($value));
125		- }
126		- $qb->execute();
127		- }
128		-
129		- /**
130		- * Check if the IP is whitelisted
131		- *
132		- * @param string $ip
133		- * @return bool
134		- */
135		- private function isIPWhitelisted($ip) {
136		- if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
137		- return true;
138		- }
139		-
140		- $keys = $this->config->getAppKeys('bruteForce');
141		- $keys = array_filter($keys, function($key) {
142		- $regex = '/^whitelist_/S';
143		- return preg_match($regex, $key) === 1;
144		- });
145		-
146		- if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
147		- $type = 4;
148		- } else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
149		- $type = 6;
150		- } else {
151		- return false;
152		- }
153		-
154		- $ip = inet_pton($ip);
155		-
156		- foreach ($keys as $key) {
157		- $cidr = $this->config->getAppValue('bruteForce', $key, null);
158		-
159		- $cx = explode('/', $cidr);
160		- $addr = $cx[0];
161		- $mask = (int)$cx[1];
162		-
163		- // Do not compare ipv4 to ipv6
164		- if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) \|\|
165		- ($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
166		- continue;
167		- }
168		-
169		- $addr = inet_pton($addr);
170		-
171		- $valid = true;
172		- for($i = 0; $i < $mask; $i++) {
173		- $part = ord($addr[(int)($i/8)]);
174		- $orig = ord($ip[(int)($i/8)]);
175		-
176		- $part = $part & (15 << (1 - ($i % 2)));
177		- $orig = $orig & (15 << (1 - ($i % 2)));
178		-
179		- if ($part !== $orig) {
180		- $valid = false;
181		- break;
182		- }
183		- }
184		-
185		- if ($valid === true) {
186		- return true;
187		- }
188		- }
189		-
190		- return false;
191		-
192		- }
193		-
194		- /**
195		- * Get the throttling delay (in milliseconds)
196		- *
197		- * @param string $ip
198		- * @param string $action optionally filter by action
199		- * @return int
200		- */
201		- public function getDelay($ip, $action = '') {
202		- $ipAddress = new IpAddress($ip);
203		- if ($this->isIPWhitelisted((string)$ipAddress)) {
204		- return 0;
205		- }
206		-
207		- $cutoffTime = (new \DateTime())
208		- ->sub($this->getCutoff(43200))
209		- ->getTimestamp();
210		-
211		- $qb = $this->db->getQueryBuilder();
212		- $qb->select('*')
213		- ->from('bruteforce_attempts')
214		- ->where($qb->expr()->gt('occurred', $qb->createNamedParameter($cutoffTime)))
215		- ->andWhere($qb->expr()->eq('subnet', $qb->createNamedParameter($ipAddress->getSubnet())));
216		-
217		- if ($action !== '') {
218		- $qb->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)));
219		- }
220		-
221		- $attempts = count($qb->execute()->fetchAll());
222		-
223		- if ($attempts === 0) {
224		- return 0;
225		- }
226		-
227		- $maxDelay = 30;
228		- $firstDelay = 0.1;
229		- if ($attempts > (8 * PHP_INT_SIZE - 1)) {
230		- // Don't ever overflow. Just assume the maxDelay time:s
231		- $firstDelay = $maxDelay;
232		- } else {
233		- $firstDelay *= pow(2, $attempts);
234		- if ($firstDelay > $maxDelay) {
235		- $firstDelay = $maxDelay;
236		- }
237		- }
238		- return (int) \ceil($firstDelay * 1000);
239		- }
240		-
241		- /**
242		- * Will sleep for the defined amount of time
243		- *
244		- * @param string $ip
245		- * @param string $action optionally filter by action
246		- * @return int the time spent sleeping
247		- */
248		- public function sleepDelay($ip, $action = '') {
249		- $delay = $this->getDelay($ip, $action);
250		- usleep($delay * 1000);
251		- return $delay;
252		- }
	46	+ const LOGIN_ACTION = 'login';
	47	+
	48	+ /** @var IDBConnection */
	49	+ private $db;
	50	+ /** @var ITimeFactory */
	51	+ private $timeFactory;
	52	+ /** @var ILogger */
	53	+ private $logger;
	54	+ /** @var IConfig */
	55	+ private $config;
	56	+
	57	+ /**
	58	+ * @param IDBConnection $db
	59	+ * @param ITimeFactory $timeFactory
	60	+ * @param ILogger $logger
	61	+ * @param IConfig $config
	62	+ */
	63	+ public function __construct(IDBConnection $db,
	64	+ ITimeFactory $timeFactory,
	65	+ ILogger $logger,
	66	+ IConfig $config) {
	67	+ $this->db = $db;
	68	+ $this->timeFactory = $timeFactory;
	69	+ $this->logger = $logger;
	70	+ $this->config = $config;
	71	+ }
	72	+
	73	+ /**
	74	+ * Convert a number of seconds into the appropriate DateInterval
	75	+ *
	76	+ * @param int $expire
	77	+ * @return \DateInterval
	78	+ */
	79	+ private function getCutoff($expire) {
	80	+ $d1 = new \DateTime();
	81	+ $d2 = clone $d1;
	82	+ $d2->sub(new \DateInterval('PT' . $expire . 'S'));
	83	+ return $d2->diff($d1);
	84	+ }
	85	+
	86	+ /**
	87	+ * Register a failed attempt to bruteforce a security control
	88	+ *
	89	+ * @param string $action
	90	+ * @param string $ip
	91	+ * @param array $metadata Optional metadata logged to the database
	92	+ */
	93	+ public function registerAttempt($action,
	94	+ $ip,
	95	+ array $metadata = []) {
	96	+ // No need to log if the bruteforce protection is disabled
	97	+ if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
	98	+ return;
	99	+ }
	100	+
	101	+ $ipAddress = new IpAddress($ip);
	102	+ $values = [
	103	+ 'action' => $action,
	104	+ 'occurred' => $this->timeFactory->getTime(),
	105	+ 'ip' => (string)$ipAddress,
	106	+ 'subnet' => $ipAddress->getSubnet(),
	107	+ 'metadata' => json_encode($metadata),
	108	+ ];
	109	+
	110	+ $this->logger->notice(
	111	+ sprintf(
	112	+ 'Bruteforce attempt from "%s" detected for action "%s".',
	113	+ $ip,
	114	+ $action
	115	+ ),
	116	+ [
	117	+ 'app' => 'core',
	118	+ ]
	119	+ );
	120	+
	121	+ $qb = $this->db->getQueryBuilder();
	122	+ $qb->insert('bruteforce_attempts');
	123	+ foreach($values as $column => $value) {
	124	+ $qb->setValue($column, $qb->createNamedParameter($value));
	125	+ }
	126	+ $qb->execute();
	127	+ }
	128	+
	129	+ /**
	130	+ * Check if the IP is whitelisted
	131	+ *
	132	+ * @param string $ip
	133	+ * @return bool
	134	+ */
	135	+ private function isIPWhitelisted($ip) {
	136	+ if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
	137	+ return true;
	138	+ }
	139	+
	140	+ $keys = $this->config->getAppKeys('bruteForce');
	141	+ $keys = array_filter($keys, function($key) {
	142	+ $regex = '/^whitelist_/S';
	143	+ return preg_match($regex, $key) === 1;
	144	+ });
	145	+
	146	+ if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
	147	+ $type = 4;
	148	+ } else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
	149	+ $type = 6;
	150	+ } else {
	151	+ return false;
	152	+ }
	153	+
	154	+ $ip = inet_pton($ip);
	155	+
	156	+ foreach ($keys as $key) {
	157	+ $cidr = $this->config->getAppValue('bruteForce', $key, null);
	158	+
	159	+ $cx = explode('/', $cidr);
	160	+ $addr = $cx[0];
	161	+ $mask = (int)$cx[1];
	162	+
	163	+ // Do not compare ipv4 to ipv6
	164	+ if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) \|\|
	165	+ ($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
	166	+ continue;
	167	+ }
	168	+
	169	+ $addr = inet_pton($addr);
	170	+
	171	+ $valid = true;
	172	+ for($i = 0; $i < $mask; $i++) {
	173	+ $part = ord($addr[(int)($i/8)]);
	174	+ $orig = ord($ip[(int)($i/8)]);
	175	+
	176	+ $part = $part & (15 << (1 - ($i % 2)));
	177	+ $orig = $orig & (15 << (1 - ($i % 2)));
	178	+
	179	+ if ($part !== $orig) {
	180	+ $valid = false;
	181	+ break;
	182	+ }
	183	+ }
	184	+
	185	+ if ($valid === true) {
	186	+ return true;
	187	+ }
	188	+ }
	189	+
	190	+ return false;
	191	+
	192	+ }
	193	+
	194	+ /**
	195	+ * Get the throttling delay (in milliseconds)
	196	+ *
	197	+ * @param string $ip
	198	+ * @param string $action optionally filter by action
	199	+ * @return int
	200	+ */
	201	+ public function getDelay($ip, $action = '') {
	202	+ $ipAddress = new IpAddress($ip);
	203	+ if ($this->isIPWhitelisted((string)$ipAddress)) {
	204	+ return 0;
	205	+ }
	206	+
	207	+ $cutoffTime = (new \DateTime())
	208	+ ->sub($this->getCutoff(43200))
	209	+ ->getTimestamp();
	210	+
	211	+ $qb = $this->db->getQueryBuilder();
	212	+ $qb->select('*')
	213	+ ->from('bruteforce_attempts')
	214	+ ->where($qb->expr()->gt('occurred', $qb->createNamedParameter($cutoffTime)))
	215	+ ->andWhere($qb->expr()->eq('subnet', $qb->createNamedParameter($ipAddress->getSubnet())));
	216	+
	217	+ if ($action !== '') {
	218	+ $qb->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)));
	219	+ }
	220	+
	221	+ $attempts = count($qb->execute()->fetchAll());
	222	+
	223	+ if ($attempts === 0) {
	224	+ return 0;
	225	+ }
	226	+
	227	+ $maxDelay = 30;
	228	+ $firstDelay = 0.1;
	229	+ if ($attempts > (8 * PHP_INT_SIZE - 1)) {
	230	+ // Don't ever overflow. Just assume the maxDelay time:s
	231	+ $firstDelay = $maxDelay;
	232	+ } else {
	233	+ $firstDelay *= pow(2, $attempts);
	234	+ if ($firstDelay > $maxDelay) {
	235	+ $firstDelay = $maxDelay;
	236	+ }
	237	+ }
	238	+ return (int) \ceil($firstDelay * 1000);
	239	+ }
	240	+
	241	+ /**
	242	+ * Will sleep for the defined amount of time
	243	+ *
	244	+ * @param string $ip
	245	+ * @param string $action optionally filter by action
	246	+ * @return int the time spent sleeping
	247	+ */
	248	+ public function sleepDelay($ip, $action = '') {
	249	+ $delay = $this->getDelay($ip, $action);
	250	+ usleep($delay * 1000);
	251	+ return $delay;
	252	+ }
253	253	}

nextcloud / server

Pull Request — master (#4630)

Status

Category

Indentation +207 added lines, -207 removed lines patch added patch discarded remove patch