diff options
| author | sgiehl <stefan@matomo.org> | 2022-08-02 12:32:14 +0300 |
|---|---|---|
| committer | sgiehl <stefan@matomo.org> | 2022-08-02 12:32:14 +0300 |
| commit | c9439f356b8b9291493972cf0cc5cbc906b22ef9 (patch) | |
| tree | 9e8a6867dc80f7db55a4f03bf7630362e3e29d39 /plugins/Login | |
| parent | 60b5bf5ad2b82647339697b2b2a1becb4f0040f5 (diff) | |
| parent | 49904aa0b002a1a6382e648e02d30cdc4984e1f9 (diff) | |
Merge branch 'next_release' into 4.x-dev
Diffstat (limited to 'plugins/Login')
| -rw-r--r-- | plugins/Login/Controller.php | 3 | ||||
| -rw-r--r-- | plugins/Login/Login.php | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php index 76579d69d4..8434ff646c 100644 --- a/plugins/Login/Controller.php +++ b/plugins/Login/Controller.php @@ -16,6 +16,7 @@ use Piwik\Common; use Piwik\Config; use Piwik\Container\StaticContainer; use Piwik\Date; +use Piwik\IP; use Piwik\Log; use Piwik\Nonce; use Piwik\Piwik; @@ -542,6 +543,7 @@ class Controller extends \Piwik\Plugin\ControllerAdmin // if no user matches the invite token if (!$user) { + $this->bruteForceDetection->addFailedAttempt(IP::getIpFromHeader()); throw new Exception(Piwik::translate('Login_InvalidUsernameEmail')); } @@ -646,6 +648,7 @@ class Controller extends \Piwik\Plugin\ControllerAdmin // if no user matches the invite token if (!$user) { + $this->bruteForceDetection->addFailedAttempt(IP::getIpFromHeader()); throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken')); } diff --git a/plugins/Login/Login.php b/plugins/Login/Login.php index df2e740656..350a80c0fe 100644 --- a/plugins/Login/Login.php +++ b/plugins/Login/Login.php @@ -55,6 +55,8 @@ class Login extends \Piwik\Plugin 'Controller.Login.resetPassword' => 'beforeLoginCheckBruteForceForUserPwdLogin', 'Controller.Login.login' => 'beforeLoginCheckBruteForceForUserPwdLogin', 'Controller.TwoFactorAuth.loginTwoFactorAuth' => 'beforeLoginCheckBruteForce', + 'Controller.Login.acceptInvitation' => 'beforeLoginCheckBruteForce', + 'Controller.Login.declineInvitation' => 'beforeLoginCheckBruteForce', 'Login.authenticate.successful' => 'beforeLoginCheckBruteForce', 'Login.beforeLoginCheckAllowed' => 'beforeLoginCheckBruteForceForUserPwdLogin', // record any failed attempt in UI 'Login.recordFailedLoginAttempt' => 'onFailedLoginRecordAttempt', // record any failed attempt in UI |