
D2704.1775521866.diff
No OneTemporary

Authored By
Unknown
Size
2 KB
Referenced Files
None
Subscribers
None

D2704.1775521866.diff

diff --git a/src/app/AuthAttempt.php b/src/app/AuthAttempt.php
--- a/src/app/AuthAttempt.php
+++ b/src/app/AuthAttempt.php
@@ -17,6 +17,8 @@
// Password mismatch
public const REASON_PASSWORD = 'password';
+ // Geolocation not in whitelist
+ public const REASON_GEOLOCATION = 'geolocation';
protected $nullable = [
'reason',
diff --git a/src/app/Http/Controllers/API/NGINXController.php b/src/app/Http/Controllers/API/NGINXController.php
--- a/src/app/Http/Controllers/API/NGINXController.php
+++ b/src/app/Http/Controllers/API/NGINXController.php
@@ -71,6 +71,7 @@
if (!$result) {
$attempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP);
+ // Avoid setting a passowrd failure reason if previously accepted the location.
if (!$attempt->isAccepted()) {
$attempt->reason = \App\AuthAttempt::REASON_PASSWORD;
$attempt->save();
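Review bot: The added comment misspells "password" as "passowrd" and its grammar makes the condition hard to read; I would write `// Avoid setting a password failure reason if the location was previously accepted.` As written, a wrong password on an already accepted attempt gets no reason recorded in this branch; whether such failures are tracked elsewhere is not visible in the hunk, so the comment could say that this is intended. The enclosing method starts and ends outside the hunk.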
@@ -81,26 +82,24 @@
}
// validate country of origin against restrictions, otherwise bye bye
- /* $countryCodes = json_decode($user->getSetting('limit_geo', "[]")); */
-
- /* \Log::debug("Countries for {$user->email}: " . var_export($countryCodes, true)); */
-
- /* // TODO: Consider "new geographical area notification". */
-
- /* if (!empty($countryCodes)) { */
- /* // fake the country is NL, and the limitation is CH */
- /* if ($clientIP == '127.0.0.1' && $login == "piet@kolab.org") { */
- /* $country = "NL"; */
- /* } else { */
- /* // TODO: GeoIP reliance */
- /* $country = "CH"; */
- /* } */
-
- /* if (!in_array($country, $countryCodes)) { */
- /* // TODO: Log, notify user. */
- /* return $this->byebye($request, "Country code mismatch"); */
- /* } */
- /* } */
+ $countryCodes = json_decode($user->getSetting('limit_geo', "[]"));
+
+ \Log::debug("Countries for {$user->email}: " . var_export($countryCodes, true));
+
+ if (!empty($countryCodes)) {
+ $country = \App\Utils::countryForIP($clientIP);
+ if (!in_array($country, $countryCodes)) {
+ \Log::info(
+ "Failed authentication attempt due to country code mismatch ({$country}) for user: {$login}"
+ );
+ $attempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP);
+ $attempt->deny();
+ $attempt->reason = \App\AuthAttempt::REASON_GEOLOCATION;
+ $attempt->save();
+ $attempt->notify();
+ return $this->byebye($request, "Country code mismatch");
+ }
+ }
// TODO: Apply some sort of limit for Auth-Login-Attempt -- docs say it is the number of
// attempts over the same authAttempt.
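Review bot: The country check at `if (!empty($countryCodes))` fails open: `json_decode` returns null for a malformed `limit_geo` value, `empty()` then treats the restriction as absent, and the login proceeds. I would decode with `$countryCodes = json_decode($user->getSetting('limit_geo', "[]"), true);`, deny when the result is not an array, and compare strictly with `in_array($country, $countryCodes, true)`. What `\App\Utils::countryForIP()` returns for an address it cannot resolve is not visible here; if it yields null or a default country, that case should be handled explicitly rather than left to the loose comparison. Because this block runs after the password check, the "Country code mismatch" text passed to `byebye()` may confirm to the client that the password was valid, if that message reaches the client. The enclosing method starts and ends outside the hunk.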

File Metadata

Mime Type
text/plain
Expires
Tue, Apr 7, 12:31 AM (5 h, 23 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18836557
Default Alt Text
D2704.1775521866.diff (2 KB)
