IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Chore: Add login protection when user is trying different uppercase letters (#87588)

Browse Source 
* add login protection when the user is trying different uppercase letters
This commit is contained in:
linoman 2024-05-10 13:49:59 +02:00 committed by GitHub
parent 867d36fe59
commit cd98aaf89b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/services/loginattempt/loginattemptimpl/login_attempt.go
View File

@ -2,6 +2,7 @@ package loginattemptimpl
import (
"context"
"strings"
"time"
"github.com/grafana/grafana/pkg/infra/db"
@ -54,14 +55,14 @@ func (s *Service) Add(ctx context.Context, username, IPAddress string) error {
}
_, err := s.store.CreateLoginAttempt(ctx, CreateLoginAttemptCommand{
Username: username,
Username: strings.ToLower(username),
IpAddress: IPAddress,
})
return err
}
func (s *Service) Reset(ctx context.Context, username string) error {
return s.store.DeleteLoginAttempts(ctx, DeleteLoginAttemptsCommand{username})
return s.store.DeleteLoginAttempts(ctx, DeleteLoginAttemptsCommand{strings.ToLower(username)})
}
func (s *Service) Validate(ctx context.Context, username string) (bool, error) {
@ -70,7 +71,7 @@ func (s *Service) Validate(ctx context.Context, username string) (bool, error) {
}
loginAttemptCountQuery := GetUserLoginAttemptCountQuery{
Username: username,
Username: strings.ToLower(username),
Since: time.Now().Add(-loginAttemptsWindow),
}

26
pkg/services/loginattempt/loginattemptimpl/login_attempt_test.go
View File

@ -6,6 +6,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/services/loginattempt"
"github.com/grafana/grafana/pkg/setting"
)
@ -79,6 +80,31 @@ func TestService_Validate(t *testing.T) {
}
}
func TestLoginAttempts(t *testing.T) {
ctx := context.Background()
cfg := setting.NewCfg()
cfg.DisableBruteForceLoginProtection = false
db := db.InitTestDB(t)
service := ProvideService(db, cfg, nil)
// add multiple login attempts with different uppercases, they all should be counted as the same user
_ = service.Add(ctx, "admin", "[::1]")
_ = service.Add(ctx, "Admin", "[::1]")
_ = service.Add(ctx, "aDmin", "[::1]")
_ = service.Add(ctx, "adMin", "[::1]")
_ = service.Add(ctx, "admIn", "[::1]")
_ = service.Add(ctx, "admIN", "[::1]")
// validate the number of attempts is correct for all the different uppercases
count, err := service.store.GetUserLoginAttemptCount(ctx, GetUserLoginAttemptCountQuery{Username: "admin"})
assert.Nil(t, err)
assert.Equal(t, int64(6), count)
ok, err := service.Validate(ctx, "admin")
assert.False(t, ok)
assert.Nil(t, err)
}
var _ store = new(fakeStore)
type fakeStore struct {