author | Stefan Giehl <stefan@matomo.org> | 2022-08-02 01:30:38 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-02 01:30:38 +0300 |
commit | e45328fd7a71fe93fc432e2a7c7d043712df2aac (patch) | |
tree | 688e9a00ce09a11a4486475f249a13e75d6c367a | |
parent | 34aa273ee158c2992ec986ff7f0b5314faab6b34 (diff) |
Enable brute force detection for user invitation (#19580)
-rw-r--r-- | plugins/Login/Controller.php | 3 | ||||
-rw-r--r-- | plugins/Login/Login.php | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 76579d69d4..8434ff646c 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -16,6 +16,7 @@ use Piwik\Common;
 use Piwik\Config;
 use Piwik\Container\StaticContainer;
 use Piwik\Date;
+use Piwik\IP;
 use Piwik\Log;
 use Piwik\Nonce;
 use Piwik\Piwik;
@@ -542,6 +543,7 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
 // if no user matches the invite token
 if (!$user) {
+$this->bruteForceDetection->addFailedAttempt(IP::getIpFromHeader());
 throw new Exception(Piwik::translate('Login_InvalidUsernameEmail'));
 }
@@ -646,6 +648,7 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
 // if no user matches the invite token
 if (!$user) {
+$this->bruteForceDetection->addFailedAttempt(IP::getIpFromHeader());
 throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken'));
 }
diff --git a/plugins/Login/Login.php b/plugins/Login/Login.php
index df2e740656..350a80c0fe 100644
--- a/plugins/Login/Login.php
+++ b/plugins/Login/Login.php
@@ -55,6 +55,8 @@ class Login extends \Piwik\Plugin
 'Controller.Login.resetPassword' => 'beforeLoginCheckBruteForceForUserPwdLogin',
 'Controller.Login.login' => 'beforeLoginCheckBruteForceForUserPwdLogin',
 'Controller.TwoFactorAuth.loginTwoFactorAuth' => 'beforeLoginCheckBruteForce',
+'Controller.Login.acceptInvitation' => 'beforeLoginCheckBruteForce',
+'Controller.Login.declineInvitation' => 'beforeLoginCheckBruteForce',
 'Login.authenticate.successful' => 'beforeLoginCheckBruteForce',
 'Login.beforeLoginCheckAllowed' => 'beforeLoginCheckBruteForceForUserPwdLogin', // record any failed attempt in UI
 'Login.recordFailedLoginAttempt' => 'onFailedLoginRecordAttempt', // record any failed attempt in UI
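Review bot: The added `addFailedAttempt` call in the @@ -542 hunk carries no explanation, and the identical line is repeated in the @@ -646 hunk; a why-comment above it would tell the next reader what is being counted, e.g. `// an unknown invite token counts as a failed login attempt, so token guessing is rate-limited like password guessing`. The attempt is keyed on `IP::getIpFromHeader()`; the hook that later blocks these controller actions has to consult the same IP source, otherwise the counter and the lockout would disagree — presumably it does, but that class is not in the hunk and is worth confirming. `$this->bruteForceDetection` is not introduced here either, so it is assumed to already be injected into the controller. Since the two call sites are byte-identical, a small private helper on the controller would keep them from drifting apart. Both enclosing methods start and end outside their hunks.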
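Review bot: The two new entries in the Login.php hunk register only the lockout check for the invitation actions, while the matching failure recording lives in the Controller.php hunks of this commit, and nothing in this map makes that pairing visible to a reader. A trailing comment on the added lines, in the style the neighbouring entries already use, would close that gap: `'Controller.Login.acceptInvitation' => 'beforeLoginCheckBruteForce', // invite token guesses are recorded in the controller`. The `Login` class and the event map it belongs to start and end outside the hunk.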