Skip to content

[stable27] feat(security): Add a bruteforce protection backend base on memcache #39997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nickvergessen merged 8 commits into from
Aug 23, 2023
Merged

[stable27] feat(security): Add a bruteforce protection backend base on memcache #39997

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
befa2f6
feat(security): Add a bruteforce protection backend base on memcache
nickvergessen Aug 14, 2023
97548e7
feat(security): Add a "testing mode" for bruteforce protection that d…
nickvergessen Aug 14, 2023
5c07891
feat: Add a header which signals that the request was throttled
nickvergessen Aug 14, 2023
b55359b
feat: Expose if the own IP is allowed to bypass bruteforce protection
nickvergessen Aug 15, 2023
b5dbb4d
feat(OCC): Add a command to get the bruteforce state of an IP
nickvergessen Aug 15, 2023
759fc11
fix: Make bypass function public API
nickvergessen Aug 16, 2023
866a8a2
feat(admin): Show an error when the admin is throttled
nickvergessen Aug 17, 2023
26832ec
fix(middleware): Fix header injection for bruteforce middleware
nickvergessen Aug 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
fix(middleware): Fix header injection for bruteforce middleware 
Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons
So shifting back to old standard practise for now

Signed-off-by: Joas Schilling <[email protected]>
  • Loading branch information
@nickvergessen
nickvergessen committed Aug 23, 2023
commit 26832ec5da999068ef838f570c7a3ba912c47cdf
6 changes: 1 addition & 5 deletions lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,11 +130,7 @@ public function afterController($controller, $methodName, Response $response) {
}

if ($this->delaySlept) {
$headers = $response->getHeaders();
if (!isset($headers['X-Nextcloud-Bruteforce-Throttled'])) {
$headers['X-Nextcloud-Bruteforce-Throttled'] = $this->delaySlept . 'ms';
$response->setHeaders($headers);
}
$response->addHeader('X-Nextcloud-Bruteforce-Throttled', $this->delaySlept . 'ms');
}

return parent::afterController($controller, $methodName, $response);
Expand Down