|
|
|
@ -47,6 +47,7 @@ use OC\Authentication\Token\IProvider;
|
|
|
|
|
use OC\Authentication\Token\IToken;
|
|
|
|
|
use OC\Hooks\Emitter;
|
|
|
|
|
use OC\Hooks\PublicEmitter;
|
|
|
|
|
use OC\Security\Bruteforce\Throttler;
|
|
|
|
|
use OC_User;
|
|
|
|
|
use OC_Util;
|
|
|
|
|
use OCA\DAV\Connector\Sabre\Auth;
|
|
|
|
@ -428,7 +429,7 @@ class Session implements IUserSession, Emitter {
|
|
|
|
|
* @param string $user
|
|
|
|
|
* @param string $password
|
|
|
|
|
* @param IRequest $request
|
|
|
|
|
* @param OC\Security\Bruteforce\Throttler $throttler
|
|
|
|
|
* @param Throttler $throttler
|
|
|
|
|
* @throws LoginException
|
|
|
|
|
* @throws PasswordLoginForbiddenException
|
|
|
|
|
* @return boolean
|
|
|
|
@ -436,8 +437,9 @@ class Session implements IUserSession, Emitter {
|
|
|
|
|
public function logClientIn($user,
|
|
|
|
|
$password,
|
|
|
|
|
IRequest $request,
|
|
|
|
|
OC\Security\Bruteforce\Throttler $throttler) {
|
|
|
|
|
$currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login');
|
|
|
|
|
Throttler $throttler) {
|
|
|
|
|
$remoteAddress = $request->getRemoteAddress();
|
|
|
|
|
$currentDelay = $throttler->sleepDelay($remoteAddress, 'login');
|
|
|
|
|
|
|
|
|
|
if ($this->manager instanceof PublicEmitter) {
|
|
|
|
|
$this->manager->emit('\OC\User', 'preLogin', [$user, $password]);
|
|
|
|
@ -461,17 +463,13 @@ class Session implements IUserSession, Emitter {
|
|
|
|
|
if (!$this->login($user, $password)) {
|
|
|
|
|
|
|
|
|
|
// Failed, maybe the user used their email address
|
|
|
|
|
if (!filter_var($user, FILTER_VALIDATE_EMAIL)) {
|
|
|
|
|
$this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
$users = $this->manager->getByEmail($user);
|
|
|
|
|
if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
|
|
|
|
|
$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
|
|
|
|
|
|
|
|
|
|
$throttler->registerAttempt('login', $request->getRemoteAddress(), ['user' => $user]);
|
|
|
|
|
|
|
|
|
|
$this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user));
|
|
|
|
|
|
|
|
|
|
if ($currentDelay === 0) {
|
|
|
|
|
$throttler->sleepDelay($request->getRemoteAddress(), 'login');
|
|
|
|
|
}
|
|
|
|
|
$this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@ -486,6 +484,17 @@ class Session implements IUserSession, Emitter {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function handleLoginFailed(Throttler $throttler, int $currentDelay, string $remoteAddress, string $user, ?string $password) {
|
|
|
|
|
$this->logger->warning("Login failed: '" . $user . "' (Remote IP: '" . $remoteAddress . "')", ['app' => 'core']);
|
|
|
|
|
|
|
|
|
|
$throttler->registerAttempt('login', $remoteAddress, ['user' => $user]);
|
|
|
|
|
$this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user));
|
|
|
|
|
|
|
|
|
|
if ($currentDelay === 0) {
|
|
|
|
|
$throttler->sleepDelay($remoteAddress, 'login');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function supportsCookies(IRequest $request) {
|
|
|
|
|
if (!is_null($request->getCookie('cookie_test'))) {
|
|
|
|
|
return true;
|
|
|
|
@ -574,11 +583,11 @@ class Session implements IUserSession, Emitter {
|
|
|
|
|
*
|
|
|
|
|
* @todo do not allow basic auth if the user is 2FA enforced
|
|
|
|
|
* @param IRequest $request
|
|
|
|
|
* @param OC\Security\Bruteforce\Throttler $throttler
|
|
|
|
|
* @param Throttler $throttler
|
|
|
|
|
* @return boolean if the login was successful
|
|
|
|
|
*/
|
|
|
|
|
public function tryBasicAuthLogin(IRequest $request,
|
|
|
|
|
OC\Security\Bruteforce\Throttler $throttler) {
|
|
|
|
|
Throttler $throttler) {
|
|
|
|
|
if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
|
|
|
|
|
try {
|
|
|
|
|
if ($this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request, $throttler)) {
|
|
|
|
|