RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/regulation/regulator.go

95 lines
3.0 KiB
Go
Raw Normal View History

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
package regulation
import (
"fmt"
"time"
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml
2019-12-24 02:14:52 +00:00
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/models"
"github.com/authelia/authelia/internal/storage"
"github.com/authelia/authelia/internal/utils"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
)
// NewRegulator create a regulator instance.
Rewrite and fix remaining suites in Go.
2019-11-24 20:27:59 +00:00
func NewRegulator(configuration *schema.RegulationConfiguration, provider storage.Provider, clock utils.Clock) *Regulator {
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
regulator := &Regulator{storageProvider: provider}
Rewrite and fix remaining suites in Go.
2019-11-24 20:27:59 +00:00
regulator.clock = clock
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
if configuration != nil {
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go
2020-04-05 12:37:21 +00:00
findTime, err := utils.ParseDurationString(configuration.FindTime)
if err != nil {
panic(err)
}
banTime, err := utils.ParseDurationString(configuration.BanTime)
if err != nil {
panic(err)
}
if findTime > banTime {
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
panic(fmt.Errorf("find_time cannot be greater than ban_time"))
}
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go
2020-04-05 12:37:21 +00:00
[FIX] Disable regulation when max_retries set to 0 (#584) - Only set regulator to enabled if max_retries is not set to 0, default is false (zero value). - Added test for the scenario. - Fixes #584
2020-01-26 21:42:05 +00:00
// Set regulator enabled only if MaxRetries is not 0.
regulator.enabled = configuration.MaxRetries > 0
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
regulator.maxRetries = configuration.MaxRetries
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go
2020-04-05 12:37:21 +00:00
regulator.findTime = findTime
regulator.banTime = banTime
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
}
return regulator
}
// Mark mark an authentication attempt.
[CI] Add godot linter (#958) * [CI] Add godot linter * Implement godot recommendations
2020-05-02 05:06:39 +00:00
// We split Mark and Regulate in order to avoid timing attacks.
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
func (r *Regulator) Mark(username string, successful bool) error {
return r.storageProvider.AppendAuthenticationLog(models.AuthenticationAttempt{
Username: username,
Successful: successful,
Rewrite and fix remaining suites in Go.
2019-11-24 20:27:59 +00:00
Time: r.clock.Now(),
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
})
}
// Regulate regulate the authentication attempts for a given user.
// This method returns ErrUserIsBanned if the user is banned along with the time until when
// the user is banned.
func (r *Regulator) Regulate(username string) (time.Time, error) {
// If there is regulation configuration, no regulation applies.
if !r.enabled {
return time.Time{}, nil
}
Rewrite and fix remaining suites in Go.
2019-11-24 20:27:59 +00:00
now := r.clock.Now()
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
// TODO(c.michaud): make sure FindTime < BanTime.
attempts, err := r.storageProvider.LoadLatestAuthenticationLogs(username, now.Add(-r.banTime))
if err != nil {
return time.Time{}, nil
}
latestFailedAttempts := make([]models.AuthenticationAttempt, 0, r.maxRetries)
for _, attempt := range attempts {
if attempt.Successful || len(latestFailedAttempts) >= r.maxRetries {
// We stop appending failed attempts once we find the first successful attempts or we reach
// the configured number of retries, meaning the user is already banned.
break
} else {
latestFailedAttempts = append(latestFailedAttempts, attempt)
}
}
// If the number of failed attempts within the ban time is less than the max number of retries
// then the user is not banned.
if len(latestFailedAttempts) < r.maxRetries {
return time.Time{}, nil
}
// Now we compute the time between the latest attempt and the MaxRetry-th one. If it's
// within the FindTime then it means that the user has been banned.
durationBetweenLatestAttempts := latestFailedAttempts[0].Time.Sub(
latestFailedAttempts[r.maxRetries-1].Time)
if durationBetweenLatestAttempts < r.findTime {
bannedUntil := latestFailedAttempts[0].Time.Add(r.banTime)
return bannedUntil, ErrUserIsBanned
}
return time.Time{}, nil
}