@@ -35,7 +35,7 @@ |
||
| 35 | 35 | } |
| 36 | 36 | |
| 37 | 37 | /** |
| 38 | - * @param array $mockedMethods |
|
| 38 | + * @param string[] $mockedMethods |
|
| 39 | 39 | * @return SecurityConfig | \PHPUnit_Framework_MockObject_MockObject |
| 40 | 40 | */ |
| 41 | 41 | private function getMockInstance($mockedMethods = []) {
|
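Review bot: The `@return` tag on context line 39 still writes the union as `SecurityConfig | \PHPUnit_Framework_MockObject_MockObject`, with spaces around the pipe, which some docblock parsers read as the type `SecurityConfig` followed by a description. Since this docblock is being tightened anyway, I would write it as `@return SecurityConfig|\PHPUnit_Framework_MockObject_MockObject`, matching the `@var IConfig|\PHPUnit_Framework_MockObject_MockObject` form used for the property in the same test class. The body of `getMockInstance` continues outside the hunk, so I cannot confirm that every caller passes a list of strings as the new `string[]` annotation states.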
@@ -20,8 +20,8 @@ |
||
| 20 | 20 | */ |
| 21 | 21 | namespace OCA\Security\Tests; |
| 22 | 22 | |
| 23 | -use OCA\Security\SecurityConfig; |
|
| 24 | -use OCP\IConfig; |
|
| 23 | +use OCA\Security\SecurityConfig; |
|
| 24 | +use OCP\IConfig; |
|
| 25 | 25 | use Test\TestCase; |
| 26 | 26 | class SecurityConfigTest extends TestCase {
|
| 27 | 27 | /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */ |
@@ -1,6 +1,5 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | /** |
| 3 | - |
|
| 4 | 3 | * |
| 5 | 4 | * @author Semih Serhat Karakaya |
| 6 | 5 | * @copyright Copyright (c) 2016, ITU IT HEAD OFFICE. |
@@ -55,7 +55,7 @@ |
||
| 55 | 55 | * @param PasswordValidator $passValidator |
| 56 | 56 | * @param EventDispatcherInterface $dispatcher |
| 57 | 57 | */ |
| 58 | - public function __construct($userManager, $throttle, $request, $passValidator, $dispatcher){ |
|
| 58 | + public function __construct($userManager, $throttle, $request, $passValidator, $dispatcher) { |
|
| 59 | 59 | $this->userManager = $userManager; |
| 60 | 60 | $this->throttle = $throttle; |
| 61 | 61 | $this->request = $request; |
@@ -80,12 +80,12 @@ |
||
| 80 | 80 | */ |
| 81 | 81 | public function applyBruteForcePolicy($ip) {
|
| 82 | 82 | $banPeriod = $this->config->getBruteForceProtectionBanPeriod(); |
| 83 | - $banUntil = $this->dbConnection->getLastFailedLoginAttemptTimeForIp($ip)+$banPeriod; |
|
| 84 | - if($this->dbConnection->getSuspiciousActivityCountForIp($ip) >= |
|
| 83 | + $banUntil = $this->dbConnection->getLastFailedLoginAttemptTimeForIp($ip) + $banPeriod; |
|
| 84 | + if ($this->dbConnection->getSuspiciousActivityCountForIp($ip) >= |
|
| 85 | 85 | $this->config->getBruteForceProtectionFailTolerance() && |
| 86 | 86 | $banUntil > $this->timeFactory->getTime()) {
|
| 87 | 87 | throw new LoginException($this->l->t("Too many failed login attempts. Try again in %s minutes.",
|
| 88 | - ceil($banPeriod/60)) |
|
| 88 | + ceil($banPeriod / 60)) |
|
| 89 | 89 | ); |
| 90 | 90 | } |
| 91 | 91 | } |
@@ -47,7 +47,7 @@ |
||
| 47 | 47 | $c->query('DbService'),
|
| 48 | 48 | $c->query('SecurityConfig'),
|
| 49 | 49 | $c->query('OCP\IL10N'),
|
| 50 | - $c->query('OCP\AppFramework\Utility\ITimeFactory')
|
|
| 50 | + $c->query('OCP\AppFramework\Utility\ITimeFactory')
|
|
| 51 | 51 | ); |
| 52 | 52 | }); |
| 53 | 53 | |
@@ -46,17 +46,26 @@ |
||
| 46 | 46 | </div> |
| 47 | 47 | <div> |
| 48 | 48 | <input type="checkbox" class="checkbox" id="security-enforce-upper-lower-case" |
| 49 | - <?php if ($_['isUpperLowerCaseEnforced']) p("checked");?> >
|
|
| 49 | + <?php if ($_['isUpperLowerCaseEnforced']) { |
|
| 50 | + p("checked"); |
|
| 51 | +} |
|
| 52 | +?> > |
|
| 50 | 53 | <label for="security-enforce-upper-lower-case"><?php p($l->t('Enforce at least one upper and one lower case character on passwords')) ?></label>
|
| 51 | 54 | </div> |
| 52 | 55 | <div> |
| 53 | 56 | <input type="checkbox" class="checkbox" id="security-enforce-numerical-characters" |
| 54 | - <?php if ($_['isNumericalCharsEnforced']) p("checked");?> >
|
|
| 57 | + <?php if ($_['isNumericalCharsEnforced']) { |
|
| 58 | + p("checked"); |
|
| 59 | +} |
|
| 60 | +?> > |
|
| 55 | 61 | <label for="security-enforce-numerical-characters"><?php p($l->t('Enforce at least one numerical characters on passwords')) ?></label>
|
| 56 | 62 | </div> |
| 57 | 63 | <div> |
| 58 | 64 | <input type="checkbox" class="checkbox" id="security-enforce-special-characters" |
| 59 | - <?php if ($_['isSpecialCharsEnforced']) p("checked");?> >
|
|
| 65 | + <?php if ($_['isSpecialCharsEnforced']) { |
|
| 66 | + p("checked"); |
|
| 67 | +} |
|
| 68 | +?> > |
|
| 60 | 69 | <label for="security-enforce-special-characters"><?php p($l->t('Enforce at least one special characters on passwords')) ?></label>
|
| 61 | 70 | </div> |
| 62 | 71 | </div> |
| 63 | 72 | \ No newline at end of file |
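Review bot: Spreading `p("checked")` over four lines on new lines 49–52 (and again on 57–60 and 65–68) leaves the closing `}` and `?>` at column 0 inside an indented `<input>` tag, which is harder to read than the one-liner it replaces. If the coding standard requires a delimited body, the template alternative syntax keeps the attribute on one line: `<?php if ($_['isUpperLowerCaseEnforced']): ?>checked<?php endif; ?>`. The file also still ends without a trailing newline, which this formatting pass could fix.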
@@ -32,7 +32,7 @@ discard block |
||
| 32 | 32 | <input type="number" id="security-bfp-fail-tolerance" value="<?php p($_['bruteForceProtectionFailTolerance']) ?>"><br> |
| 33 | 33 | <label for="security-bfp-ban-period"><?php p($l->t('Ban for how many seconds?')) ?></label><br>
|
| 34 | 34 | <input type="number" id="security-bfp-ban-period" value="<?php p($_['bruteForceProtectionBanPeriod']) ?>"><br> |
| 35 | - <button id="save-bfp-settings" class="save"><?php p($l->t('Save settings'));?></button>
|
|
| 35 | + <button id="save-bfp-settings" class="save"><?php p($l->t('Save settings')); ?></button>
|
|
| 36 | 36 | </div> |
| 37 | 37 | </div> |
| 38 | 38 | <div id="security-password-policy" class="section"> |
@@ -40,22 +40,22 @@ discard block |
||
| 40 | 40 | <div> |
| 41 | 41 | <label for="security-min-password-length"><?php p($l->t('Determine minimum password length')) ?></label>
|
| 42 | 42 | <input type="number" id="security-min-password-length" min="6" value="<?php p($_['minPasswordLength']) ?>"> |
| 43 | - <button id="save-pass-length" class="save"><?php p($l->t('Save length'));?></button>
|
|
| 43 | + <button id="save-pass-length" class="save"><?php p($l->t('Save length')); ?></button>
|
|
| 44 | 44 | <span id="security-min-password-length-message" class="msg"></span> |
| 45 | 45 | </div> |
| 46 | 46 | <div> |
| 47 | 47 | <input type="checkbox" class="checkbox" id="security-enforce-upper-lower-case" |
| 48 | - <?php if ($_['isUpperLowerCaseEnforced']) p("checked");?> >
|
|
| 48 | + <?php if ($_['isUpperLowerCaseEnforced']) p("checked"); ?> >
|
|
| 49 | 49 | <label for="security-enforce-upper-lower-case"><?php p($l->t('Enforce at least one upper and one lower case character on passwords')) ?></label>
|
| 50 | 50 | </div> |
| 51 | 51 | <div> |
| 52 | 52 | <input type="checkbox" class="checkbox" id="security-enforce-numerical-characters" |
| 53 | - <?php if ($_['isNumericalCharsEnforced']) p("checked");?> >
|
|
| 53 | + <?php if ($_['isNumericalCharsEnforced']) p("checked"); ?> >
|
|
| 54 | 54 | <label for="security-enforce-numerical-characters"><?php p($l->t('Enforce at least one numerical characters on passwords')) ?></label>
|
| 55 | 55 | </div> |
| 56 | 56 | <div> |
| 57 | 57 | <input type="checkbox" class="checkbox" id="security-enforce-special-characters" |
| 58 | - <?php if ($_['isSpecialCharsEnforced']) p("checked");?> >
|
|
| 58 | + <?php if ($_['isSpecialCharsEnforced']) p("checked"); ?> >
|
|
| 59 | 59 | <label for="security-enforce-special-characters"><?php p($l->t('Enforce at least one special characters on passwords')) ?></label>
|
| 60 | 60 | </div> |
| 61 | 61 | </div> |
| 62 | 62 | \ No newline at end of file |
@@ -25,15 +25,15 @@ |
||
| 25 | 25 | ?> |
| 26 | 26 | <div id="password-policies" class="hidden"> |
| 27 | 27 | <?php print_unescaped( |
| 28 | - "<p>". $l->t('Passwords must:'). "</p>");?>
|
|
| 28 | + "<p>". $l->t('Passwords must:'). "</p>");?>
|
|
| 29 | 29 | <ul class="pass-info"> |
| 30 | 30 | <?php print_unescaped( |
| 31 | - "<li class='pass-info-element'>". $l->t('be at least %s characters long ', $_['minPasswordLength']). "</li>");?>
|
|
| 31 | + "<li class='pass-info-element'>". $l->t('be at least %s characters long ', $_['minPasswordLength']). "</li>");?>
|
|
| 32 | 32 | <?php if ($_['isUpperLowerCaseEnforced']) print_unescaped( |
| 33 | - "<li class='pass-info-element'>". $l->t('contain at least one uppercase letter and at least one lowercase letter '). "</li>");?>
|
|
| 33 | + "<li class='pass-info-element'>". $l->t('contain at least one uppercase letter and at least one lowercase letter '). "</li>");?>
|
|
| 34 | 34 | <?php if ($_['isNumericalCharsEnforced']) print_unescaped( |
| 35 | - "<li class='pass-info-element'>". $l->t('contain at least one numerical character'). "</li>");?>
|
|
| 35 | + "<li class='pass-info-element'>". $l->t('contain at least one numerical character'). "</li>");?>
|
|
| 36 | 36 | <?php if ($_['isSpecialCharsEnforced']) print_unescaped( |
| 37 | - "<li class='pass-info-element'>". $l->t('contain at least one special character'). "</li>");?>
|
|
| 37 | + "<li class='pass-info-element'>". $l->t('contain at least one special character'). "</li>");?>
|
|
| 38 | 38 | </ul> |
| 39 | 39 | </div> |
@@ -25,15 +25,15 @@ |
||
| 25 | 25 | ?> |
| 26 | 26 | <div id="password-policies" class="hidden"> |
| 27 | 27 | <?php print_unescaped( |
| 28 | - "<p>". $l->t('Passwords must:'). "</p>");?>
|
|
| 28 | + "<p>".$l->t('Passwords must:')."</p>"); ?>
|
|
| 29 | 29 | <ul class="pass-info"> |
| 30 | 30 | <?php print_unescaped( |
| 31 | - "<li class='pass-info-element'>". $l->t('be at least %s characters long ', $_['minPasswordLength']). "</li>");?>
|
|
| 31 | + "<li class='pass-info-element'>".$l->t('be at least %s characters long ', $_['minPasswordLength'])."</li>"); ?>
|
|
| 32 | 32 | <?php if ($_['isUpperLowerCaseEnforced']) print_unescaped( |
| 33 | - "<li class='pass-info-element'>". $l->t('contain at least one uppercase letter and at least one lowercase letter '). "</li>");?>
|
|
| 33 | + "<li class='pass-info-element'>".$l->t('contain at least one uppercase letter and at least one lowercase letter ')."</li>"); ?>
|
|
| 34 | 34 | <?php if ($_['isNumericalCharsEnforced']) print_unescaped( |
| 35 | - "<li class='pass-info-element'>". $l->t('contain at least one numerical character'). "</li>");?>
|
|
| 35 | + "<li class='pass-info-element'>".$l->t('contain at least one numerical character')."</li>"); ?>
|
|
| 36 | 36 | <?php if ($_['isSpecialCharsEnforced']) print_unescaped( |
| 37 | - "<li class='pass-info-element'>". $l->t('contain at least one special character'). "</li>");?>
|
|
| 37 | + "<li class='pass-info-element'>".$l->t('contain at least one special character')."</li>"); ?>
|
|
| 38 | 38 | </ul> |
| 39 | 39 | </div> |
@@ -29,11 +29,20 @@ |
||
| 29 | 29 | <ul class="pass-info"> |
| 30 | 30 | <?php print_unescaped( |
| 31 | 31 | "<li class='pass-info-element'>". $l->t('be at least %s characters long ', $_['minPasswordLength']). "</li>");?>
|
| 32 | - <?php if ($_['isUpperLowerCaseEnforced']) print_unescaped( |
|
| 33 | - "<li class='pass-info-element'>". $l->t('contain at least one uppercase letter and at least one lowercase letter '). "</li>");?>
|
|
| 34 | - <?php if ($_['isNumericalCharsEnforced']) print_unescaped( |
|
| 35 | - "<li class='pass-info-element'>". $l->t('contain at least one numerical character'). "</li>");?>
|
|
| 36 | - <?php if ($_['isSpecialCharsEnforced']) print_unescaped( |
|
| 37 | - "<li class='pass-info-element'>". $l->t('contain at least one special character'). "</li>");?>
|
|
| 32 | + <?php if ($_['isUpperLowerCaseEnforced']) { |
|
| 33 | + print_unescaped( |
|
| 34 | + "<li class='pass-info-element'>". $l->t('contain at least one uppercase letter and at least one lowercase letter '). "</li>"); |
|
| 35 | +} |
|
| 36 | +?> |
|
| 37 | + <?php if ($_['isNumericalCharsEnforced']) { |
|
| 38 | + print_unescaped( |
|
| 39 | + "<li class='pass-info-element'>". $l->t('contain at least one numerical character'). "</li>"); |
|
| 40 | +} |
|
| 41 | +?> |
|
| 42 | + <?php if ($_['isSpecialCharsEnforced']) { |
|
| 43 | + print_unescaped( |
|
| 44 | + "<li class='pass-info-element'>". $l->t('contain at least one special character'). "</li>"); |
|
| 45 | +} |
|
| 46 | +?> |
|
| 38 | 47 | </ul> |
| 39 | 48 | </div> |
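Review bot: The three blocks rewritten on new lines 32–46 still send the translated text through `print_unescaped()`, so whatever `$l->t()` returns is written to the page as raw HTML even though only the `<li>` wrapper needs to be unescaped. Keeping the markup in the template and escaping the text removes the reliance on translation content being markup-free, e.g. `<li class='pass-info-element'><?php p($l->t('contain at least one numerical character')); ?></li>` inside the `if`. The same applies to the unchanged context line 31, where `$_['minPasswordLength']` is substituted into the string before it is printed unescaped; whether that value is validated as an integer is not visible here. The earlier formatting-only hunks of this template carry the same pattern. As a style point, the closing `}` and `?>` land at column 0 while the opening `<?php if` is indented.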
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | /** |
| 63 | 63 | * @param string $uid |
| 64 | 64 | */ |
| 65 | - public function addFailedLoginAttempt($uid, $ip){
|
|
| 65 | + public function addFailedLoginAttempt($uid, $ip) {
|
|
| 66 | 66 | $builder = $this->connection->getQueryBuilder(); |
| 67 | 67 | $builder->insert('failed_login_attempts')
|
| 68 | 68 | ->setValue('ip', $builder->createNamedParameter($ip))
|
@@ -77,7 +77,7 @@ discard block |
||
| 77 | 77 | */ |
| 78 | 78 | public function getSuspiciousActivityCountForUid($uid) {
|
| 79 | 79 | $builder = $this->connection->getQueryBuilder(); |
| 80 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 80 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 81 | 81 | $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
|
| 82 | 82 | ->from('failed_login_attempts')
|
| 83 | 83 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
@@ -93,7 +93,7 @@ discard block |
||
| 93 | 93 | */ |
| 94 | 94 | public function getSuspiciousActivityCountForIp($ip) {
|
| 95 | 95 | $builder = $this->connection->getQueryBuilder(); |
| 96 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 96 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 97 | 97 | $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
|
| 98 | 98 | ->from('failed_login_attempts')
|
| 99 | 99 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
@@ -109,12 +109,12 @@ discard block |
||
| 109 | 109 | */ |
| 110 | 110 | public function getLastFailedLoginAttemptTimeForIp($ip) {
|
| 111 | 111 | $builder = $this->connection->getQueryBuilder(); |
| 112 | - $thresholdTime = (new \DateTime())->modify("-". $this->config->getBruteForceProtectionTimeThreshold() . "second")->getTimestamp();
|
|
| 112 | + $thresholdTime = (new \DateTime())->modify("-".$this->config->getBruteForceProtectionTimeThreshold()."second")->getTimestamp();
|
|
| 113 | 113 | $lastAttempt = $builder->select('attempted_at')
|
| 114 | 114 | ->from('failed_login_attempts')
|
| 115 | 115 | ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
|
| 116 | 116 | ->andWhere($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
|
| 117 | - ->orderBy('attempted_at','DESC')
|
|
| 117 | + ->orderBy('attempted_at', 'DESC')
|
|
| 118 | 118 | ->setMaxResults(1) |
| 119 | 119 | ->execute() |
| 120 | 120 | ->fetch(); |
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | public function deleteSuspiciousAttemptsForIp($ip) {
|
| 125 | 125 | $builder = $this->connection->getQueryBuilder(); |
| 126 | 126 | $builder->delete('failed_login_attempts')
|
| 127 | - ->where($builder->expr()->eq('ip',$builder->createNamedParameter($ip)))
|
|
| 127 | + ->where($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
|
|
| 128 | 128 | ->execute(); |
| 129 | 129 | } |
| 130 | 130 | } |
| 131 | 131 | \ No newline at end of file |