Revision 086ed5bd
Added by Marek Hulán about 6 years ago
app/controllers/concerns/foreman/controller/bruteforce_protection.rb | ||
---|---|---|
end
|
||
|
||
def bruteforce_attempt?
|
||
get_login_failures >= 30
|
||
limit = Setting[:failed_login_attempts_limit].to_i
|
||
limit > 0 && get_login_failures >= limit
|
||
end
|
||
|
||
def log_bruteforce
|
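Review bot: In `bruteforce_attempt?`, `Setting[:failed_login_attempts_limit].to_i` fails open, because `to_i` turns `nil` and any non-numeric string into 0 and `limit > 0 &&` then skips the check. A missing or corrupted setting, or a negative one, would therefore switch the lockout off just like an explicit 0; whether `Setting[]` can return such values is not visible in this hunk. Consider falling back to the default of 30 for anything that is not a non-negative integer, so that only an explicit 0 disables the check. If the behaviour stays as it is, add a comment above the assignment such as `# limit <= 0 disables the check; nil or non-numeric settings become 0 via to_i`. A log line when protection is found disabled would also let operators spot it.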
app/models/setting/auth.rb | ||
---|---|---|
self.set('oauth_consumer_key', N_("OAuth consumer key"), '', N_('OAuth consumer key'), nil, {:encrypted => true}),
|
||
self.set('oauth_consumer_secret', N_("OAuth consumer secret"), '', N_("OAuth consumer secret"), nil, {:encrypted => true}),
|
||
self.set('oauth_map_users', N_("Foreman will map users by username in request-header. If this is set to false, OAuth requests will have admin rights."), true, N_('OAuth map users')),
|
||
self.set('failed_login_attempts_limit', N_("Foreman will block user login after this number of failed login attempts for 5 minutes from offending IP address. Set to 0 to disable bruteforce protection"), 30, N_('Failed login attempts limit')),
|
||
self.set('restrict_registered_smart_proxies', N_('Only known Smart Proxies may access features that use Smart Proxy authentication'), true, N_('Restrict registered smart proxies')),
|
||
self.set('require_ssl_smart_proxies', N_('Client SSL certificates are used to identify Smart Proxies (:require_ssl should also be enabled)'), true, N_('Require SSL for smart proxies')),
|
||
self.set('trusted_hosts', N_('Hosts that will be trusted in addition to Smart Proxies for access to fact/report importers and ENC output'), [], N_('Trusted hosts')),
|
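Review bot: The `failed_login_attempts_limit` entry is registered with a default of 30 and no visible constraint on its value, while the description documents only "Set to 0" as the way to disable protection. The consumer in `bruteforce_attempt?` treats every value at or below 0 as disabled, so either validate the setting as a non-negative integer or change the wording to `Set to 0 or lower to disable`. The description also hard-codes "5 minutes" and "30"; the code that sets the block duration is not part of this hunk, so the text will go stale if that duration changes. Since this setting turns off a login safeguard, confirm that changes to it are recorded in the audit log.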
test/fixtures/settings.yml | ||
---|---|---|
category: Setting::General
|
||
default: "true"
|
||
description: "Should append domain names when new hosts are provisioned"
|
||
attribute80:
|
||
name: failed_login_attempts_limit
|
||
category: Setting::Auth
|
||
default: 30
|
||
description: "Foreman will block user login after this number of failed login attempts for 5 minutes from offending IP address. Set to 0 to disable bruteforce protection"
|
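Review bot: The `attribute80` fixture is the only test-side change shown in this revision, so neither branch of the new limit check appears to be exercised. Add one test asserting that `bruteforce_attempt?` returns false at any failure count when the setting is 0. Add another asserting that it returns true once the failure count reaches a non-default limit, which would pin the behaviour the commit title promises.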
Fixes #22778 - disableable bruteforce protection