authordiosmosis <diosmosis@users.noreply.github.com>2021-07-14 06:12:48 +0300
committerdiosmosis <diosmosis@users.noreply.github.com>2021-07-14 06:12:48 +0300
commitb9dcef9a338a39d33187c4321e04d504666209f6 (patch)
tree251d1ac770ccf011d1c35a10d910456334441096
parentfa66bc580852c2b098ba5ea7f7ba57048f258714 (diff)
if a failed login attempt comes from an API request, mark it as from the API in the brute force log brute-force-log-api-user
-rw-r--r--plugins/Login/Security/BruteForceDetection.php7
-rw-r--r--plugins/Login/tests/Integration/Security/BruteForceDetectionTest.php26
2 files changed, 33 insertions, 0 deletions
diff --git a/plugins/Login/Security/BruteForceDetection.php b/plugins/Login/Security/BruteForceDetection.php
index ab94491d78..cfe3171aac 100644
--- a/plugins/Login/Security/BruteForceDetection.php
+++ b/plugins/Login/Security/BruteForceDetection.php
@@ -8,6 +8,7 @@
*/
namespace Piwik\Plugins\Login\Security;
+use Piwik\API\Request;
use Piwik\Common;
use Piwik\Container\StaticContainer;
use Piwik\Date;
@@ -16,6 +17,7 @@ use Piwik\Option;
use Piwik\Plugins\Login\Emails\SuspiciousLoginAttemptsInLastHourEmail;
use Piwik\Plugins\Login\Model;
use Piwik\Plugins\Login\SystemSettings;
+use Piwik\SettingsServer;
use Piwik\Updater;
use Piwik\Version;
use Psr\Log\LoggerInterface;
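Review bot: The added `use Piwik\SettingsServer;` is not referenced by any line this commit adds to the file; the only new call is `Request::isRootRequestApiRequest()` in addFailedAttempt. Unless the rest of the file already refers to `SettingsServer` unqualified, which is not visible here, the import looks like a leftover and should be dropped so the import list stays accurate for static analysis.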
@@ -24,6 +26,7 @@ class BruteForceDetection {
const OVERALL_LOGIN_LOCKOUT_THRESHOLD_MIN = 10;
const TABLE_NAME = 'brute_force_log';
+ const API_LOGIN_PLACEHOLDER = '__API__';
private $minutesTimeRange;
private $maxLogAttempts;
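Review bot: `API_LOGIN_PLACEHOLDER` is stored in the same `login` column as real usernames, so a reader of the brute force log cannot distinguish a placeholder row from an account that happens to be named `__API__`, and the constant carries no comment saying what it marks. Suggested docblock above the constant: `/** Stored in the login column of a failed attempt when no login is known and the root request is an API request; this is not a real user. */`. Whether the project's login rules allow a username of exactly `__API__` is not visible here, so the collision is inferred rather than shown.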
@@ -68,6 +71,10 @@ class BruteForceDetection {
public function addFailedAttempt($ipAddress, $login = null)
{
+ if (empty($login) && Request::isRootRequestApiRequest()) {
+ $login = self::API_LOGIN_PLACEHOLDER;
+ }
+
$now = $this->getNow()->getDatetime();
$db = Db::get();
try {
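Review bot: `empty($login)` on the first added line also treats the string `'0'` as absent, so a failed attempt for a login of `0` in an API request would be recorded under the placeholder instead of the real login; the intent is a missing value, which `if (($login === null || $login === '') && Request::isRootRequestApiRequest())` states precisely. The placeholder is written into the same column as genuine logins, so anything that later counts or blocks per login will treat every API attempt without a login as one account, which may be intended but deserves a sentence in the method docblock, e.g. `@param string|null $login the login that was tried, or null if unknown; in an API request a missing login is stored as self::API_LOGIN_PLACEHOLDER`. The body of addFailedAttempt continues outside the hunk.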
diff --git a/plugins/Login/tests/Integration/Security/BruteForceDetectionTest.php b/plugins/Login/tests/Integration/Security/BruteForceDetectionTest.php
index 419f8ec0d3..90d511fd9f 100644
--- a/plugins/Login/tests/Integration/Security/BruteForceDetectionTest.php
+++ b/plugins/Login/tests/Integration/Security/BruteForceDetectionTest.php
@@ -8,6 +8,7 @@
namespace Piwik\Plugins\Login\tests\Integration\Security;
+use Piwik\API\Request;
use Piwik\Common;
use Piwik\Date;
use Piwik\Db;
@@ -79,6 +80,31 @@ class BruteForceDetectionTest extends IntegrationTestCase
$this->assertTrue($this->detection->isEnabled());
}
+ public function test_addFailedAttempt_usesApiUsernameIfInApiRequest()
+ {
+ $this->addFailedLoginInPast('127.0.0.1', 1);
+
+ Request::setIsRootRequestApiRequest(true);
+ $this->addFailedLoginInPast('10.1.2.3', 3);
+
+ $entries = $this->detection->getAll();
+ $expected = [
+ [
+ 'id_brute_force_log' => '1',
+ 'ip_address' => '127.0.0.1',
+ 'attempted_at' => '2018-09-23 12:39:10',
+ 'login' => null,
+ ],
+ [
+ 'id_brute_force_log' => '2',
+ 'ip_address' => '10.1.2.3',
+ 'attempted_at' => '2018-09-23 12:37:10',
+ 'login' => BruteForceDetection::API_LOGIN_PLACEHOLDER,
+ ],
+ ];
+ $this->assertEquals($expected, $entries);
+ }
+
public function test_addFailedAttempt_addsEntries()
{
$this->addFailedLoginInPast('127.0.0.1', 1);