Public share protect (4)

appinfo/Migrations/Version20191109111104.php

@@ -0,0 +1,60 @@
+<?php
+/**
+ * @author Semih Serhat Karakaya <karakayasemi@itu.edu.tr>
+ *
+ * @copyright Copyright (c) 2020, ownCloud GmbH
+ * @license GPL-2.0
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+namespace OCA\brute_force_protection\Migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use OCP\Migration\ISchemaMigration;
+
+class Version20191109111104 implements ISchemaMigration {
+
+ /** @var string */
+ private $prefix;
+
+ public function changeSchema(Schema $schema, array $options) {
+ $this->prefix = $options['tablePrefix'];
+ if (!$schema->hasTable("{$this->prefix}bfp_link_accesses")) {
+ $table = $schema->createTable("{$this->prefix}bfp_link_accesses");
+ $table->addColumn('id', 'integer', [
+ 'autoincrement' => true,
+ 'unsigned' => true,
+ 'notnull' => true,
+ 'length' => 11,
+ ]);
+ $table->addColumn('ip', 'string', [
+ 'notnull' => true,
+ 'length' => 64,
+ ]);
+ $table->addColumn('link_token', 'string', [
+ 'notnull' => true,
+ 'length' => 64,
+ ]);
+ $table->addColumn('attempted_at', 'integer', [
+ 'notnull' => true,
+ ]);
+
+ $table->setPrimaryKey(['id']);
+ $table->addIndex(['ip'], 'bfp_link_accesses_ip');
+ $table->addIndex(['attempted_at'], 'bfp_link_accesses_at');
+ }
+ }
+}

appinfo/info.xml

@@ -21,7 +21,7 @@ See the [2-Factor Authentication](https://marketplace.owncloud.com/apps/twofacto
  <summary>Prevent attackers from guessing user passwords</summary>
  <licence>GPLv2</licence>
  <author>Semih Serhat Karakaya</author>
- <version>1.0.1</version>
+ <version>1.1.0</version>
  <namespace>BruteForceProtection</namespace>
  <use-migrations>true</use-migrations>
  <dependencies>

lib/BruteForceProtectionConfig.php

@@ -75,7 +75,7 @@ public function getBruteForceProtectionFailTolerance() {
  }
 
  /**
- * Count failed login attempts over how many seconds
+ * Count failed attempts over how many seconds
  *
  * @return int
  */

lib/Db/FailedLinkAccess.php

@@ -0,0 +1,48 @@
+<?php
+/**
+ * @author Semih Serhat Karakaya <karakayasemi@itu.edu.tr>
+ *
+ * @copyright Copyright (c) 2019, ownCloud GmbH
+ * @license GPL-2.0
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+namespace OCA\BruteForceProtection\Db;
+
+use OCP\AppFramework\Db\Entity;
+
+/**
+ * @method int getId()
+ * @method void setId(\int $id)
+ * @method string getIp()
+ * @method void setIp(string $ip)
+ * @method string getLinkToken()
+ * @method void setLinkToken(string $linkToken)
+ * @method int getAttemptedAt()
+ * @method void setAttemptedAt(int $attemptedAt)
+ */
+class FailedLinkAccess extends Entity {
+
+ /** @var string $ip */
+ protected $ip;
+
+ /** @var string $linkToken */
+ protected $linkToken;
+
+ /** @var int $attemptedAt */
+ protected $attemptedAt;
+}

lib/Db/FailedLinkAccessMapper.php

@@ -0,0 +1,134 @@
+<?php
+/**
+ * @author Semih Serhat Karakaya <karakayasemi@itu.edu.tr>
+ *
+ * @copyright Copyright (c) 2019 ownCloud GmbH
+ * @license GPL-2.0
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+namespace OCA\BruteForceProtection\Db;
+
+use OCP\AppFramework\Db\Mapper;
+use OCA\BruteForceProtection\BruteForceProtectionConfig;
+use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\IDBConnection;
+
+/**
+ * Class FailedLinkAccessMapper
+ * @package OCA\BruteForceProtection\Db
+ */
+class FailedLinkAccessMapper extends Mapper {
+
+ /**
+ * @var BruteForceProtectionConfig $config
+ */
+ protected $config;
+
+ /**
+ * @var ITimeFactory $timeFactory
+ */
+ protected $timeFactory;
+
+ /**
+ * @var string $tableName
+ */
+ protected $tableName = 'bfp_link_accesses';
+
+ /**
+ * FailedLinkAccessMapper constructor.
+ *
+ * @param IDBConnection $db
+ * @param BruteForceProtectionConfig $config
+ * @param ITimeFactory $timeFactory
+ */
+ public function __construct(
+ IDBConnection $db,
+ BruteForceProtectionConfig $config,
+ ITimeFactory $timeFactory
+ ) {
+ parent::__construct($db, $this->tableName);
+ $this->config = $config;
+ $this->timeFactory = $timeFactory;
+ }
+
+ /**
+ * @param string $token
+ * @param string $ip
+ * @return int
+ */
+ public function getFailedAccessCountForTokenIpCombination($token, $ip) {
+ $builder = $this->db->getQueryBuilder();
+ $thresholdTime = $this->getLastFailedAccessTimeForTokenIpCombination($token, $ip) - $this->config->getBruteForceProtectionTimeThreshold();
+ $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
+ ->from($this->tableName)
+ ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
+ ->andWhere($builder->expr()->eq('link_token', $builder->createNamedParameter($token)))
+ ->andWhere($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
+ ->execute()
+ ->fetch();
+ return \intval($attempts['count']);
+ }
+
+ /**
+ * @param string $token
+ * @param string $ip
+ * @return int
+ */
+ public function getLastFailedAccessTimeForTokenIpCombination($token, $ip) {
+ $builder = $this->db->getQueryBuilder();
+ $thresholdTime = $this->timeFactory->getTime() - $this->config->getBruteForceProtectionBanPeriod();
+ $lastAttempt = $builder->select('attempted_at')
+ ->from($this->tableName)
+ ->where($builder->expr()->gt('attempted_at', $builder->createNamedParameter($thresholdTime)))
+ ->andWhere($builder->expr()->eq('link_token', $builder->createNamedParameter($token)))
+ ->andWhere($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
+ ->orderBy('attempted_at', 'DESC')
+ ->setMaxResults(1)
+ ->execute()
+ ->fetch();
+ if ($lastAttempt === false) {
+ return 0;
+ }
+ return \intval($lastAttempt['attempted_at']);
+ }
+
+ /**
+ * @param string $token
+ * @param string $ip
+ */
+ public function deleteFailedAccessForTokenIpCombination($token, $ip) {
+ $builder = $this->db->getQueryBuilder();
+ $builder->delete($this->tableName)
+ ->where($builder->expr()->eq('link_token', $builder->createNamedParameter($token)))
+ ->andWhere($builder->expr()->eq('ip', $builder->createNamedParameter($ip)))
+ ->execute();
+ }
+
+ /**
+ * It removes entries that were created before the specified threshold seconds.
+ *
+ * @param int $threshold the amount of threshold seconds
+ */
+ public function deleteOldFailedAccesses($threshold) {
+ $builder = $this->db->getQueryBuilder();
+ $thresholdTime = $this->timeFactory->getTime() - $threshold;
+ $builder->delete($this->tableName)
+ ->where($builder->expr()->lt('attempted_at', $builder->createNamedParameter($thresholdTime)))
+ ->execute();
+ }
+}

lib/Db/FailedLoginAttemptMapper.php

@@ -72,7 +72,7 @@ public function __construct(
  * @param string $ip
  * @return int
  */
- public function getSuspiciousActivityCountForUidIpCombination($uid, $ip) {
+ public function getFailedLoginCountForUidIpCombination($uid, $ip) {
  $builder = $this->db->getQueryBuilder();
  $thresholdTime = $this->getLastFailedLoginAttemptTimeForUidIpCombination($uid, $ip) - $this->config->getBruteForceProtectionTimeThreshold();
  $attempts = $builder->selectAlias($builder->createFunction('COUNT(*)'), 'count')
@@ -109,7 +109,7 @@ public function getLastFailedLoginAttemptTimeForUidIpCombination($uid, $ip) {
  * @param string $uid
  * @param string $ip
  */
- public function deleteSuspiciousAttemptsForUidIpCombination($uid, $ip) {
+ public function deleteFailedLoginAttemptsForUidIpCombination($uid, $ip) {
  $builder = $this->db->getQueryBuilder();
  $builder->delete($this->tableName)
  ->where($builder->expr()->eq('uid', $builder->createNamedParameter($uid)))
@@ -118,7 +118,7 @@ public function deleteSuspiciousAttemptsForUidIpCombination($uid, $ip) {
  }
 
  /**
- * It removes entries that created before the specified threshold seconds.
+ * It removes entries that were created before the specified threshold seconds.
  *
  * @param int $threshold the amount of threshold seconds
  */

lib/Exceptions/LinkAuthException.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * @author Semih Serhat Karakaya <karakayasemi@itu.edu.tr>
+ *
+ * @copyright Copyright (c) 2019, ownCloud GmbH
+ * @license GPL-2.0
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+namespace OCA\BruteForceProtection\Exceptions;
+
+class LinkAuthException extends \Exception {
+}