Added a config setting to enable/disable the actor attack block

This commit is contained in:
Adolfo Gómez García 2021-03-12 15:10:39 +01:00
parent 868ff2817a
commit 52d3ffeac3
3 changed files with 11 additions and 5 deletions


@ -69,6 +69,8 @@ class BlockAccess(Exception):
def checkBlockedIp(ip: str) -> None: def checkBlockedIp(ip: str) -> None:
if GlobalConfig.BLOCK_ACTOR_FAILURES.getBool() is False:
return
cache = Cache('actorv3') cache = Cache('actorv3')
fails = cache.get(ip) or 0 fails = cache.get(ip) or 0
if fails > ALLOWED_FAILS: if fails > ALLOWED_FAILS:
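Review bot: The new early return at the top of `checkBlockedIp` carries no comment and spells the test as `getBool() is False`, which reads like a missing check rather than a deliberate opt-out of a brute-force protection; I'd write `if not GlobalConfig.BLOCK_ACTOR_FAILURES.getBool():` with a comment `# Actor lockout disabled by the administrator: never refuse a request on its failure count`. If a sibling function records failures into the same `actorv3` cache (not visible in this hunk), it presumably keeps counting while the setting is off, so re-enabling the setting could immediately lock out addresses on counts accumulated while it was disabled — worth confirming and either gating the increment as well or documenting that behaviour. The body of `checkBlockedIp` continues past the end of the hunk.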


@ -315,6 +315,9 @@ class GlobalConfig:
# If we use new logout mechanics # If we use new logout mechanics
EXCLUSIVE_LOGOUT: Config.Value = Config.section(SECURITY_SECTION).value('Exclusive Logout', '0', type=Config.BOOLEAN_FIELD) EXCLUSIVE_LOGOUT: Config.Value = Config.section(SECURITY_SECTION).value('Exclusive Logout', '0', type=Config.BOOLEAN_FIELD)
# Enable/Disable Actor attack block
BLOCK_ACTOR_FAILURES: Config.Value = Config.section(SECURITY_SECTION).value('Block actor failures', '1', type=Config.BOOLEAN_FIELD)
RELOAD_TIME: Config.Value = Config.section(GLOBAL_SECTION).value('Page reload Time', '300', type=Config.NUMERIC_FIELD) RELOAD_TIME: Config.Value = Config.section(GLOBAL_SECTION).value('Page reload Time', '300', type=Config.NUMERIC_FIELD)
LIMITED_BY_CALENDAR_TEXT: Config.Value = Config.section(GLOBAL_SECTION).value('Calendar access denied text', '', type=Config.TEXT_FIELD) # Defaults to Nothing LIMITED_BY_CALENDAR_TEXT: Config.Value = Config.section(GLOBAL_SECTION).value('Calendar access denied text', '', type=Config.TEXT_FIELD) # Defaults to Nothing
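Review bot: The comment on the new `BLOCK_ACTOR_FAILURES` value does not say what is switched off, which matters for a security setting that an administrator can flip from the UI. I'd expand it to `# Enable/Disable Actor attack block: when '0', an IP is no longer refused after repeated actor failures (see checkBlockedIp); default on` so a reader of the security section understands that disabling it removes a per-IP lockout rather than just a log line. The `GlobalConfig` class starts before and continues after this hunk, and the hunk header advertises three added lines while only two are visible here, so a blank line was probably dropped in rendering.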


@ -35,15 +35,16 @@ import typing
from django.shortcuts import render from django.shortcuts import render
from django.http import HttpRequest, HttpResponse, JsonResponse, HttpResponseRedirect from django.http import HttpRequest, HttpResponse, JsonResponse, HttpResponseRedirect
from django.urls import reverse from django.urls import reverse
from uds.web.util import errors from uds.core.util.request import ExtendedHttpRequest, ExtendedHttpRequestWithUser
from uds.core.auths import auth from uds.core.auths import auth
from uds.web.util import errors
from uds.web.forms.LoginForm import LoginForm from uds.web.forms.LoginForm import LoginForm
from uds.web.util.authentication import checkLogin from uds.web.util.authentication import checkLogin
from uds.web.util.services import getServicesData from uds.web.util.services import getServicesData
from uds.web.util import configjs from uds.web.util import configjs
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -66,7 +67,7 @@ def ticketLauncher(request: HttpRequest) -> HttpResponse:
# Basically, the original /login method, but fixed for modern interface # Basically, the original /login method, but fixed for modern interface
def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpResponse: def login(request: ExtendedHttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
# Default empty form # Default empty form
logger.debug('Tag: %s', tag) logger.debug('Tag: %s', tag)
if request.method == 'POST': if request.method == 'POST':
@ -97,7 +98,7 @@ def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpRespons
@auth.webLoginRequired(admin=False) @auth.webLoginRequired(admin=False)
def logout(request: HttpRequest) -> HttpResponse: def logout(request: ExtendedHttpRequestWithUser) -> HttpResponse:
auth.authLogLogout(request) auth.authLogLogout(request)
request.session['restricted'] = False # Remove restricted request.session['restricted'] = False # Remove restricted
logoutUrl = request.user.logout() logoutUrl = request.user.logout()
@ -111,5 +112,5 @@ def js(request: HttpRequest) -> HttpResponse:
@auth.denyNonAuthenticated @auth.denyNonAuthenticated
def servicesData(request: HttpRequest) -> HttpResponse: def servicesData(request: ExtendedHttpRequestWithUser) -> HttpResponse:
return JsonResponse(getServicesData(request)) return JsonResponse(getServicesData(request))