	Chore: Add login protection when user is trying different uppercase letters (#87588)
* normalize the username to lowercase before recording, counting and resetting login attempts, so that case variants of the same username share one brute-force counter
		| @@ -2,6 +2,7 @@ package loginattemptimpl | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"strings" | ||||
| 	"time" | ||||
|  | ||||
| 	"github.com/grafana/grafana/pkg/infra/db" | ||||
| @@ -54,14 +55,14 @@ func (s *Service) Add(ctx context.Context, username, IPAddress string) error { | ||||
| 	} | ||||
|  | ||||
| 	_, err := s.store.CreateLoginAttempt(ctx, CreateLoginAttemptCommand{ | ||||
| 		Username:  username, | ||||
| 		Username:  strings.ToLower(username), | ||||
| 		IpAddress: IPAddress, | ||||
| 	}) | ||||
| 	return err | ||||
| } | ||||
|  | ||||
| func (s *Service) Reset(ctx context.Context, username string) error { | ||||
| 	return s.store.DeleteLoginAttempts(ctx, DeleteLoginAttemptsCommand{username}) | ||||
| 	return s.store.DeleteLoginAttempts(ctx, DeleteLoginAttemptsCommand{strings.ToLower(username)}) | ||||
| } | ||||
|  | ||||
| func (s *Service) Validate(ctx context.Context, username string) (bool, error) { | ||||
| @@ -70,7 +71,7 @@ func (s *Service) Validate(ctx context.Context, username string) (bool, error) { | ||||
| 	} | ||||
|  | ||||
| 	loginAttemptCountQuery := GetUserLoginAttemptCountQuery{ | ||||
| 		Username: username, | ||||
| 		Username: strings.ToLower(username), | ||||
| 		Since:    time.Now().Add(-loginAttemptsWindow), | ||||
| 	} | ||||
|  | ||||
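Review bot: The lowercasing added to Add, Reset and Validate only closes the bypass if it matches the normalization the user lookup itself applies; otherwise an attacker can choose a spelling that resolves to the same account but to a different attempt key. `strings.ToLower` does Unicode-aware per-rune lowercasing (U+212A KELVIN SIGN becomes `k`, for instance), whereas a database `LOWER()` under the store's collation may not, and which mapping the login lookup uses is not visible in this hunk, so it should be confirmed and the same function used on both paths. Factoring the mapping into one place also keeps the three call sites from drifting: `func normalizeUsername(username string) string { return strings.ToLower(username) }`, called from each of them. Attempts recorded before this change under a mixed-case spelling will no longer be matched by the lowercased query; presumably harmless once loginAttemptsWindow has elapsed, but worth a note in the commit. Validate's body continues outside the hunk.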
|   | ||||
| @@ -6,6 +6,7 @@ import ( | ||||
|  | ||||
| 	"github.com/stretchr/testify/assert" | ||||
|  | ||||
| 	"github.com/grafana/grafana/pkg/infra/db" | ||||
| 	"github.com/grafana/grafana/pkg/services/loginattempt" | ||||
| 	"github.com/grafana/grafana/pkg/setting" | ||||
| ) | ||||
| @@ -79,6 +80,31 @@ func TestService_Validate(t *testing.T) { | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func TestLoginAttempts(t *testing.T) { | ||||
| 	ctx := context.Background() | ||||
| 	cfg := setting.NewCfg() | ||||
| 	cfg.DisableBruteForceLoginProtection = false | ||||
| 	db := db.InitTestDB(t) | ||||
| 	service := ProvideService(db, cfg, nil) | ||||
|  | ||||
| 	// add multiple login attempts with different uppercases, they all should be counted as the same user | ||||
| 	_ = service.Add(ctx, "admin", "[::1]") | ||||
| 	_ = service.Add(ctx, "Admin", "[::1]") | ||||
| 	_ = service.Add(ctx, "aDmin", "[::1]") | ||||
| 	_ = service.Add(ctx, "adMin", "[::1]") | ||||
| 	_ = service.Add(ctx, "admIn", "[::1]") | ||||
| 	_ = service.Add(ctx, "admIN", "[::1]") | ||||
|  | ||||
| 	// validate the number of attempts is correct for all the different uppercases | ||||
| 	count, err := service.store.GetUserLoginAttemptCount(ctx, GetUserLoginAttemptCountQuery{Username: "admin"}) | ||||
| 	assert.Nil(t, err) | ||||
| 	assert.Equal(t, int64(6), count) | ||||
|  | ||||
| 	ok, err := service.Validate(ctx, "admin") | ||||
| 	assert.False(t, ok) | ||||
| 	assert.Nil(t, err) | ||||
| } | ||||
|  | ||||
| var _ store = new(fakeStore) | ||||
|  | ||||
| type fakeStore struct { | ||||
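Review bot: TestLoginAttempts exercises Add and Validate but not Reset, although the same commit also lowercases the username in Reset; a final step that resets with a different spelling and checks the count drops to zero would cover that path. The `_ = service.Add(...)` calls discard errors, so a failing insert surfaces only as a confusing count mismatch later — `assert.NoError(t, service.Add(ctx, "admin", "[::1]"))` reports the real cause. The local `db := db.InitTestDB(t)` shadows the imported `db` package for the rest of the function; `testDB := db.InitTestDB(t)` avoids that. The assertions only cover ASCII case variants, which matches the commit's stated scope.
```go
// … unchanged: Add calls, count assertion and Validate check …
assert.NoError(t, service.Reset(ctx, "ADMIN"))
count, err = service.store.GetUserLoginAttemptCount(ctx, GetUserLoginAttemptCountQuery{Username: "admin"})
assert.NoError(t, err)
assert.Equal(t, int64(0), count)
```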