@@ -23,9 +23,9 @@ |
||
| 23 | 23 | } |
| 24 | 24 | require_once __DIR__.'/../../../lib/base.php'; |
| 25 | 25 | |
| 26 | -OC::$composerAutoloader->addPsr4('Test\\', OC::$SERVERROOT . '/tests/lib', true);
|
|
| 26 | +OC::$composerAutoloader->addPsr4('Test\\', OC::$SERVERROOT.'/tests/lib', true);
|
|
| 27 | 27 | |
| 28 | -if(!class_exists('PHPUnit_Framework_TestCase')) {
|
|
| 28 | +if (!class_exists('PHPUnit_Framework_TestCase')) {
|
|
| 29 | 29 | require_once('PHPUnit/Autoload.php');
|
| 30 | 30 | } |
| 31 | 31 | |
@@ -22,7 +22,7 @@ discard block |
||
| 22 | 22 | use OC\HintException; |
| 23 | 23 | use OCP\IL10N; |
| 24 | 24 | |
| 25 | -class PasswordValidator {
|
|
| 25 | +class PasswordValidator {
|
|
| 26 | 26 | |
| 27 | 27 | /** @var SecurityConfig */ |
| 28 | 28 | protected $config; |
@@ -62,8 +62,8 @@ discard block |
||
| 62 | 62 | */ |
| 63 | 63 | public function checkPasswordLength($password) {
|
| 64 | 64 | $minPassLength = $this->config->getMinPasswordLength(); |
| 65 | - if(strlen($password) < $minPassLength) {
|
|
| 66 | - $message = 'Password needs to be at least ' . $minPassLength . ' characters long'; |
|
| 65 | + if (strlen($password) < $minPassLength) {
|
|
| 66 | + $message = 'Password needs to be at least '.$minPassLength.' characters long'; |
|
| 67 | 67 | $hint = $this->l->t( |
| 68 | 68 | 'Password needs to be at least %s characters long', [$minPassLength] |
| 69 | 69 | ); |
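Review bot: `strlen($password)` on new line 65 counts bytes rather than characters, so a password made of multibyte UTF-8 characters can pass the minimum with fewer characters than the policy and the "characters long" message promise. Comparing with `mb_strlen($password, 'UTF-8') < $minPassLength` would make the check match its wording, assuming the mbstring extension is available to this app. The body of checkPasswordLength continues past the end of this hunk.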
@@ -78,8 +78,8 @@ discard block |
||
| 78 | 78 | * @throws HintException |
| 79 | 79 | */ |
| 80 | 80 | public function checkUpperLowerCase($password) {
|
| 81 | - $enforceUpperLowerCase= $this->config->getIsUpperLowerCaseEnforced(); |
|
| 82 | - if($enforceUpperLowerCase === true && $this->hasUpperAndLowerCase($password) === false) {
|
|
| 81 | + $enforceUpperLowerCase = $this->config->getIsUpperLowerCaseEnforced(); |
|
| 82 | + if ($enforceUpperLowerCase === true && $this->hasUpperAndLowerCase($password) === false) {
|
|
| 83 | 83 | $message = 'Password should contain at least one upper and one lower case character.'; |
| 84 | 84 | $hint = $this->l->t( |
| 85 | 85 | 'Password should contain at least one upper and one lower case character.' |
@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | */ |
| 97 | 97 | public function checkNumericCharacters($password) {
|
| 98 | 98 | $enforceNumericCharacters = $this->config->getIsNumericCharactersEnforced(); |
| 99 | - if($enforceNumericCharacters === true && $this->hasNumericalCharacters($password) === false) {
|
|
| 99 | + if ($enforceNumericCharacters === true && $this->hasNumericalCharacters($password) === false) {
|
|
| 100 | 100 | $message = 'Password should contain at least one numerical character.'; |
| 101 | 101 | $hint = $this->l->t( |
| 102 | 102 | 'Password should contain at least one numerical character.' |
@@ -113,7 +113,7 @@ discard block |
||
| 113 | 113 | */ |
| 114 | 114 | public function checkSpecialCharacters($password) {
|
| 115 | 115 | $enforceSpecialCharacters = $this->config->getIsSpecialCharactersEnforced(); |
| 116 | - if($enforceSpecialCharacters === true && $this->hasSpecialCharacter($password) === false) {
|
|
| 116 | + if ($enforceSpecialCharacters === true && $this->hasSpecialCharacter($password) === false) {
|
|
| 117 | 117 | $message = 'Password should contain at least one special character.'; |
| 118 | 118 | $hint = $this->l->t( |
| 119 | 119 | 'Password should contain at least one special character.' |
@@ -31,7 +31,7 @@ |
||
| 31 | 31 | |
| 32 | 32 | class Application extends App {
|
| 33 | 33 | |
| 34 | - public function __construct(array $urlParams=array()){
|
|
| 34 | + public function __construct(array $urlParams = array()) {
|
|
| 35 | 35 | parent::__construct('security', $urlParams);
|
| 36 | 36 | |
| 37 | 37 | $container = $this->getContainer(); |
@@ -55,7 +55,7 @@ |
||
| 55 | 55 | * @param PasswordValidator $passValidator |
| 56 | 56 | * @param EventDispatcherInterface $dispatcher |
| 57 | 57 | */ |
| 58 | - public function __construct($userManager, $throttle, $request, $passValidator, $dispatcher){ |
|
| 58 | + public function __construct($userManager, $throttle, $request, $passValidator, $dispatcher) { |
|
| 59 | 59 | $this->userManager = $userManager; |
| 60 | 60 | $this->throttle = $throttle; |
| 61 | 61 | $this->request = $request; |
@@ -25,15 +25,15 @@ |
||
| 25 | 25 | ?> |
| 26 | 26 | <div id="password-policies" class="hidden"> |
| 27 | 27 | <?php print_unescaped( |
| 28 | - "<p>". $l->t('Passwords must:'). "</p>");?>
|
|
| 28 | + "<p>".$l->t('Passwords must:')."</p>"); ?>
|
|
| 29 | 29 | <ul class="pass-info"> |
| 30 | 30 | <?php print_unescaped( |
| 31 | - "<li class='pass-info-element'>". $l->t('be at least %s characters long ', $_['minPasswordLength']). "</li>");?>
|
|
| 31 | + "<li class='pass-info-element'>".$l->t('be at least %s characters long ', $_['minPasswordLength'])."</li>"); ?>
|
|
| 32 | 32 | <?php if ($_['isUpperLowerCaseEnforced']) print_unescaped( |
| 33 | - "<li class='pass-info-element'>". $l->t('contain at least one uppercase letter and at least one lowercase letter '). "</li>");?>
|
|
| 33 | + "<li class='pass-info-element'>".$l->t('contain at least one uppercase letter and at least one lowercase letter ')."</li>"); ?>
|
|
| 34 | 34 | <?php if ($_['isNumericalCharsEnforced']) print_unescaped( |
| 35 | - "<li class='pass-info-element'>". $l->t('contain at least one numerical character'). "</li>");?>
|
|
| 35 | + "<li class='pass-info-element'>".$l->t('contain at least one numerical character')."</li>"); ?>
|
|
| 36 | 36 | <?php if ($_['isSpecialCharsEnforced']) print_unescaped( |
| 37 | - "<li class='pass-info-element'>". $l->t('contain at least one special character'). "</li>");?>
|
|
| 37 | + "<li class='pass-info-element'>".$l->t('contain at least one special character')."</li>"); ?>
|
|
| 38 | 38 | </ul> |
| 39 | 39 | </div> |
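Review bot: The list items on new lines 28 to 37 are written with `print_unescaped()`, so the translated strings and `$_['minPasswordLength']` reach the page without HTML escaping. Nothing in this hunk shows those values to be attacker-controlled, but translations and stored settings are safer emitted through `p()`, as the settings template in this same change does, with the markup kept as literal HTML: `<li class='pass-info-element'><?php p($l->t('contain at least one special character')); ?></li>`. Line 31 also passes `$_['minPasswordLength']` to `t()` as a bare scalar where PasswordValidator passes `[$minPassLength]`; it is worth confirming that `t()` accepts both forms.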
@@ -32,7 +32,7 @@ discard block |
||
| 32 | 32 | <input type="number" id="security-bfp-fail-tolerance" value="<?php p($_['bruteForceProtectionFailTolerance']) ?>"><br> |
| 33 | 33 | <label for="security-bfp-ban-period"><?php p($l->t('Ban for how many seconds?')) ?></label><br>
|
| 34 | 34 | <input type="number" id="security-bfp-ban-period" value="<?php p($_['bruteForceProtectionBanPeriod']) ?>"><br> |
| 35 | - <button id="save-bfp-settings" class="save"><?php p($l->t('Save settings'));?></button>
|
|
| 35 | + <button id="save-bfp-settings" class="save"><?php p($l->t('Save settings')); ?></button>
|
|
| 36 | 36 | </div> |
| 37 | 37 | </div> |
| 38 | 38 | <div id="security-password-policy" class="section"> |
@@ -40,22 +40,22 @@ discard block |
||
| 40 | 40 | <div> |
| 41 | 41 | <label for="security-min-password-length"><?php p($l->t('Determine minimum password length')) ?></label>
|
| 42 | 42 | <input type="number" id="security-min-password-length" min="6" value="<?php p($_['minPasswordLength']) ?>"> |
| 43 | - <button id="save-pass-length" class="save"><?php p($l->t('Save length'));?></button>
|
|
| 43 | + <button id="save-pass-length" class="save"><?php p($l->t('Save length')); ?></button>
|
|
| 44 | 44 | <span id="security-min-password-length-message" class="msg"></span> |
| 45 | 45 | </div> |
| 46 | 46 | <div> |
| 47 | 47 | <input type="checkbox" class="checkbox" id="security-enforce-upper-lower-case" |
| 48 | - <?php if ($_['isUpperLowerCaseEnforced']) p("checked");?> >
|
|
| 48 | + <?php if ($_['isUpperLowerCaseEnforced']) p("checked"); ?> >
|
|
| 49 | 49 | <label for="security-enforce-upper-lower-case"><?php p($l->t('Enforce at least one upper and one lower case character on passwords')) ?></label>
|
| 50 | 50 | </div> |
| 51 | 51 | <div> |
| 52 | 52 | <input type="checkbox" class="checkbox" id="security-enforce-numerical-characters" |
| 53 | - <?php if ($_['isNumericalCharsEnforced']) p("checked");?> >
|
|
| 53 | + <?php if ($_['isNumericalCharsEnforced']) p("checked"); ?> >
|
|
| 54 | 54 | <label for="security-enforce-numerical-characters"><?php p($l->t('Enforce at least one numerical characters on passwords')) ?></label>
|
| 55 | 55 | </div> |
| 56 | 56 | <div> |
| 57 | 57 | <input type="checkbox" class="checkbox" id="security-enforce-special-characters" |
| 58 | - <?php if ($_['isSpecialCharsEnforced']) p("checked");?> >
|
|
| 58 | + <?php if ($_['isSpecialCharsEnforced']) p("checked"); ?> >
|
|
| 59 | 59 | <label for="security-enforce-special-characters"><?php p($l->t('Enforce at least one special characters on passwords')) ?></label>
|
| 60 | 60 | </div> |
| 61 | 61 | </div> |
| 62 | 62 | \ No newline at end of file |
@@ -79,14 +79,14 @@ |
||
| 79 | 79 | * @param string $ip |
| 80 | 80 | * @throws LoginException |
| 81 | 81 | */ |
| 82 | - public function applyBruteForcePolicy($uid ,$ip) {
|
|
| 82 | + public function applyBruteForcePolicy($uid, $ip) {
|
|
| 83 | 83 | $banPeriod = $this->config->getBruteForceProtectionBanPeriod(); |
| 84 | - $banUntil = $this->dbConnection->getLastFailedLoginAttemptTimeForIp($ip)+$banPeriod; |
|
| 85 | - if($this->dbConnection->getSuspiciousActivityCountForUidIpCombination($uid, $ip) >= |
|
| 84 | + $banUntil = $this->dbConnection->getLastFailedLoginAttemptTimeForIp($ip) + $banPeriod; |
|
| 85 | + if ($this->dbConnection->getSuspiciousActivityCountForUidIpCombination($uid, $ip) >= |
|
| 86 | 86 | $this->config->getBruteForceProtectionFailTolerance() && |
| 87 | 87 | $banUntil > $this->timeFactory->getTime()) {
|
| 88 | 88 | throw new LoginException($this->l->t("Too many failed login attempts. Try again in %s minutes.",
|
| 89 | - ceil($banPeriod/60)) |
|
| 89 | + ceil($banPeriod / 60)) |
|
| 90 | 90 | ); |
| 91 | 91 | } |
| 92 | 92 | } |
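Review bot: The ban condition on new lines 85 to 87 counts failures only for the exact `$uid`/`$ip` pair, while `$banUntil` is derived from the last failure for the IP alone. As far as this hunk shows, failures spread across several user names from one address, or across several addresses for one account, never reach the fail tolerance here. The database service in this change also exposes `getSuspiciousActivityCountForIp($ip)` and `getSuspiciousActivityCountForUid($uid)`, which could be compared against the same tolerance if no other caller already does so. Separately, the message always reports `ceil($banPeriod / 60)` minutes rather than the time remaining, which would be `ceil(($banUntil - $this->timeFactory->getTime()) / 60)`.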
@@ -88,7 +88,7 @@ discard block |
||
| 88 | 88 | ->will($this->returnValue($lastAttempt)); |
| 89 | 89 | $this->dbServiceMock->expects($this->once()) |
| 90 | 90 | ->method('getSuspiciousActivityCountForUidIpCombination')
|
| 91 | - ->with('test','192.168.1.1')
|
|
| 91 | + ->with('test', '192.168.1.1')
|
|
| 92 | 92 | ->will($this->returnValue($attemptCount)); |
| 93 | 93 | $this->configMock->expects($this->once()) |
| 94 | 94 | ->method('getBruteForceProtectionBanPeriod')
|
@@ -100,7 +100,7 @@ discard block |
||
| 100 | 100 | ->method('getTime')
|
| 101 | 101 | ->will($this->returnValue($time)); |
| 102 | 102 | $this->expectException('OC\User\LoginException');
|
| 103 | - $this->throttle->applyBruteForcePolicy('test','192.168.1.1');
|
|
| 103 | + $this->throttle->applyBruteForcePolicy('test', '192.168.1.1');
|
|
| 104 | 104 | } |
| 105 | 105 | public function bruteForceTestData() {
|
| 106 | 106 | return [ |
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | /** |
| 63 | 63 | * @param string $uid |
| 64 | 64 | */ |
| 65 | - public function addFailedLoginAttempt($uid, $ip){
|
|
| 65 | + public function addFailedLoginAttempt($uid, $ip) {
|
|
| 66 | 66 | $builder = $this->connection->getQueryBuilder(); |
| 67 | 67 | $builder->insert('failed_login_attempts')
|
| 68 | 68 | ->setValue('ip', $builder->createNamedParameter($ip))
|
@@ -78,7 +78,7 @@ discard block |
||
| 78 | 78 | */ |
| 79 | 79 | public function getSuspiciousActivityCountForUidIpCombination($uid, $ip) {
|
| 80 | 80 | $builder = $this->connection->getQueryBuilder(); |
| 81 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 81 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 82 | 82 | $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
|
| 83 | 83 | ->from('failed_login_attempts')
|
| 84 | 84 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
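Review bot: The cut-off on new line 81 is built by concatenating the configured threshold into a relative date string and calling `getTimestamp()` directly on the result of `modify()`, with no check that the string parsed. If the setting is ever negative or non-numeric the string no longer means what was intended, and on PHP versions before 8.3 `modify()` reports an unparsable string by returning `false`, which turns the next call into a fatal error on the login path. `$thresholdTime = time() - (int) $this->config->getBruteForceProtectionTimeThreshold();` avoids the date parser altogether. The same line appears in getSuspiciousActivityCountForUid (line 98), getSuspiciousActivityCountForIp (line 114) and getLastFailedLoginAttemptTimeForIp (line 130). The function body continues outside this hunk.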
@@ -95,7 +95,7 @@ discard block |
||
| 95 | 95 | */ |
| 96 | 96 | public function getSuspiciousActivityCountForUid($uid) {
|
| 97 | 97 | $builder = $this->connection->getQueryBuilder(); |
| 98 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 98 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 99 | 99 | $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
|
| 100 | 100 | ->from('failed_login_attempts')
|
| 101 | 101 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
@@ -111,7 +111,7 @@ discard block |
||
| 111 | 111 | */ |
| 112 | 112 | public function getSuspiciousActivityCountForIp($ip) {
|
| 113 | 113 | $builder = $this->connection->getQueryBuilder(); |
| 114 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 114 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 115 | 115 | $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
|
| 116 | 116 | ->from('failed_login_attempts')
|
| 117 | 117 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
@@ -127,12 +127,12 @@ discard block |
||
| 127 | 127 | */ |
| 128 | 128 | public function getLastFailedLoginAttemptTimeForIp($ip) {
|
| 129 | 129 | $builder = $this->connection->getQueryBuilder(); |
| 130 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 130 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 131 | 131 | $lastAttempt = $builder->select('attempted_at')
|
| 132 | 132 | ->from('failed_login_attempts')
|
| 133 | 133 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
| 134 | 134 | ->andWhere($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
|
| 135 | - ->orderBy('attempted_at','DESC')
|
|
| 135 | + ->orderBy('attempted_at', 'DESC')
|
|
| 136 | 136 | ->setMaxResults(1) |
| 137 | 137 | ->execute() |
| 138 | 138 | ->fetch(); |
@@ -145,7 +145,7 @@ discard block |
||
| 145 | 145 | public function deleteSuspiciousAttemptsForIp($ip) {
|
| 146 | 146 | $builder = $this->connection->getQueryBuilder(); |
| 147 | 147 | $builder->delete('failed_login_attempts')
|
| 148 | - ->where($builder->expr()->eq('ip',$builder->createNamedParameter($ip)))
|
|
| 148 | + ->where($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
|
|
| 149 | 149 | ->execute(); |
| 150 | 150 | } |
| 151 | 151 | |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | public function deleteSuspiciousAttemptsForUidIpCombination($uid, $ip) {
|
| 157 | 157 | $builder = $this->connection->getQueryBuilder(); |
| 158 | 158 | $builder->delete('failed_login_attempts')
|
| 159 | - ->where($builder->expr()->eq('uid',$builder->createNamedParameter($uid)))
|
|
| 159 | + ->where($builder->expr()->eq('uid', $builder->createNamedParameter($uid)))
|
|
| 160 | 160 | ->andWhere($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
|
| 161 | 161 | ->execute(); |
| 162 | 162 | } |