feat(OCC): Add a command to get the bruteforce state of an IP

Signed-off-by: Joas Schilling <[email protected]>

Author: nickvergessen

core/Command/Security/BruteforceAttempts.php

@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2023 Joas Schilling <[email protected]>
+ *
+ * @author Joas Schilling <[email protected]>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Core\Command\Security;
+
+use OC\Core\Command\Base;
+use OC\Security\Bruteforce\Throttler;
+use OCP\Security\Bruteforce\IThrottler;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class BruteforceAttempts extends Base {
+	/** @var Throttler */
+	protected IThrottler $throttler;
+
+	public function __construct(
+		IThrottler $throttler,
+	) {
+		parent::__construct();
+		$this->throttler = $throttler;
+	}
+
+	protected function configure(): void {
+		parent::configure();
+		$this
+			->setName('security:bruteforce:attempts')
+			->setDescription('resets bruteforce attempts for given IP address')
+			->addArgument(
+				'ipaddress',
+				InputArgument::REQUIRED,
+				'IP address for which the attempts are to be reset',
+			)
+			->addArgument(
+				'action',
+				InputArgument::OPTIONAL,
+				'Only count attempts for the given action',
+			)
+		;
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output): int {
+		$ip = $input->getArgument('ipaddress');
+
+		if (!filter_var($ip, FILTER_VALIDATE_IP)) {
+			$output->writeln('<error>"' . $ip . '" is not a valid IP address</error>');
+			return 1;
+		}
+
+		$data = [
+			'allow-listed' => $this->throttler->isIPWhitelisted($ip),
+			'attempts' => $this->throttler->getAttempts(
+				$ip,
+				(string) $input->getArgument('action'),
+			),
+			'delay' => $this->throttler->getDelay(
+				$ip,
+				(string) $input->getArgument('action'),
+			),
+		];
+
+		$this->writeArrayInOutputFormat($input, $output, $data);
+
+		return 0;
+	}
+}

…and/Security/ResetBruteforceAttempts.php …and/Security/BruteforceResetAttempts.phpcore/Command/Security/ResetBruteforceAttempts.php renamed to core/Command/Security/BruteforceResetAttempts.php core/Command/Security/ResetBruteforceAttempts.php renamed to core/Command/Security/BruteforceResetAttempts.php

@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2020, Johannes Riedel ([email protected])
  *
@@ -24,22 +26,22 @@
 namespace OC\Core\Command\Security;
 
 use OC\Core\Command\Base;
-use OC\Security\Bruteforce\Throttler;
+use OCP\Security\Bruteforce\IThrottler;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 
-class ResetBruteforceAttempts extends Base {
+class BruteforceResetAttempts extends Base {
 	public function __construct(
-		protected Throttler $throttler,
+		protected IThrottler $throttler,
 	) {
 		parent::__construct();
 	}
 
-	protected function configure() {
+	protected function configure(): void {
 		$this
 			->setName('security:bruteforce:reset')
-			->setDescription('resets bruteforce attemps for given IP address')
+			->setDescription('resets bruteforce attempts for given IP address')
 			->addArgument(
 				'ipaddress',
 				InputArgument::REQUIRED,

core/register_command.php

@@ -209,7 +209,8 @@
 	$application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(), \OC::$server->getL10N('core')));
 	$application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager()));
 	$application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager()));
-	$application->add(new OC\Core\Command\Security\ResetBruteforceAttempts(\OC::$server->getBruteForceThrottler()));
+	$application->add(\OC::$server->get(\OC\Core\Command\Security\BruteforceAttempts::class));
+	$application->add(\OC::$server->get(\OC\Core\Command\Security\BruteforceResetAttempts::class));
 } else {
 	$application->add(\OC::$server->get(\OC\Core\Command\Maintenance\Install::class));
 }

lib/composer/composer/autoload_classmap.php

@@ -1019,10 +1019,11 @@
     'OC\\Core\\Command\\Preview\\Generate' => $baseDir . '/core/Command/Preview/Generate.php',
     'OC\\Core\\Command\\Preview\\Repair' => $baseDir . '/core/Command/Preview/Repair.php',
     'OC\\Core\\Command\\Preview\\ResetRenderedTexts' => $baseDir . '/core/Command/Preview/ResetRenderedTexts.php',
+    'OC\\Core\\Command\\Security\\BruteforceAttempts' => $baseDir . '/core/Command/Security/BruteforceAttempts.php',
+    'OC\\Core\\Command\\Security\\BruteforceResetAttempts' => $baseDir . '/core/Command/Security/BruteforceResetAttempts.php',
     'OC\\Core\\Command\\Security\\ImportCertificate' => $baseDir . '/core/Command/Security/ImportCertificate.php',
     'OC\\Core\\Command\\Security\\ListCertificates' => $baseDir . '/core/Command/Security/ListCertificates.php',
     'OC\\Core\\Command\\Security\\RemoveCertificate' => $baseDir . '/core/Command/Security/RemoveCertificate.php',
-    'OC\\Core\\Command\\Security\\ResetBruteforceAttempts' => $baseDir . '/core/Command/Security/ResetBruteforceAttempts.php',
     'OC\\Core\\Command\\Status' => $baseDir . '/core/Command/Status.php',
     'OC\\Core\\Command\\SystemTag\\Add' => $baseDir . '/core/Command/SystemTag/Add.php',
     'OC\\Core\\Command\\SystemTag\\Delete' => $baseDir . '/core/Command/SystemTag/Delete.php',

lib/composer/composer/autoload_static.php

@@ -1052,10 +1052,11 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\Core\\Command\\Preview\\Generate' => __DIR__ . '/../../..' . '/core/Command/Preview/Generate.php',
         'OC\\Core\\Command\\Preview\\Repair' => __DIR__ . '/../../..' . '/core/Command/Preview/Repair.php',
         'OC\\Core\\Command\\Preview\\ResetRenderedTexts' => __DIR__ . '/../../..' . '/core/Command/Preview/ResetRenderedTexts.php',
+        'OC\\Core\\Command\\Security\\BruteforceAttempts' => __DIR__ . '/../../..' . '/core/Command/Security/BruteforceAttempts.php',
+        'OC\\Core\\Command\\Security\\BruteforceResetAttempts' => __DIR__ . '/../../..' . '/core/Command/Security/BruteforceResetAttempts.php',
         'OC\\Core\\Command\\Security\\ImportCertificate' => __DIR__ . '/../../..' . '/core/Command/Security/ImportCertificate.php',
         'OC\\Core\\Command\\Security\\ListCertificates' => __DIR__ . '/../../..' . '/core/Command/Security/ListCertificates.php',
         'OC\\Core\\Command\\Security\\RemoveCertificate' => __DIR__ . '/../../..' . '/core/Command/Security/RemoveCertificate.php',
-        'OC\\Core\\Command\\Security\\ResetBruteforceAttempts' => __DIR__ . '/../../..' . '/core/Command/Security/ResetBruteforceAttempts.php',
         'OC\\Core\\Command\\Status' => __DIR__ . '/../../..' . '/core/Command/Status.php',
         'OC\\Core\\Command\\SystemTag\\Add' => __DIR__ . '/../../..' . '/core/Command/SystemTag/Add.php',
         'OC\\Core\\Command\\SystemTag\\Delete' => __DIR__ . '/../../..' . '/core/Command/SystemTag/Delete.php',