
Revision 086ed5bd

Added by Marek Hulán about 6 years ago

Fixes #22778 - disableable bruteforce protection


app/controllers/concerns/foreman/controller/bruteforce_protection.rb
end
def bruteforce_attempt?
get_login_failures >= 30
limit = Setting[:failed_login_attempts_limit].to_i
limit > 0 && get_login_failures >= limit
end
def log_bruteforce
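Review bot: The new `bruteforce_attempt?` fails open, because `Setting[:failed_login_attempts_limit].to_i` turns a nil, blank or non-numeric value into 0 and `limit > 0 &&` then treats it, like any negative number, as "protection off". Whether the setting model rejects such values is not visible on this page, so I would have only an explicit 0 disable the check and fall back to the shipped default of 30 for anything else that is not a positive integer. A one-line comment above the guard would also help, e.g. `# 0 disables the protection (Setting::Auth failed_login_attempts_limit)`. No test for the 0 or invalid-value case appears in the sections shown here. The surrounding module and `log_bruteforce` continue outside this section.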
app/models/setting/auth.rb
self.set('oauth_consumer_key', N_("OAuth consumer key"), '', N_('OAuth consumer key'), nil, {:encrypted => true}),
self.set('oauth_consumer_secret', N_("OAuth consumer secret"), '', N_("OAuth consumer secret"), nil, {:encrypted => true}),
self.set('oauth_map_users', N_("Foreman will map users by username in request-header. If this is set to false, OAuth requests will have admin rights."), true, N_('OAuth map users')),
self.set('failed_login_attempts_limit', N_("Foreman will block user login after this number of failed login attempts for 5 minutes from offending IP address. Set to 0 to disable bruteforce protection"), 30, N_('Failed login attempts limit')),
self.set('restrict_registered_smart_proxies', N_('Only known Smart Proxies may access features that use Smart Proxy authentication'), true, N_('Restrict registered smart proxies')),
self.set('require_ssl_smart_proxies', N_('Client SSL certificates are used to identify Smart Proxies (:require_ssl should also be enabled)'), true, N_('Require SSL for smart proxies')),
self.set('trusted_hosts', N_('Hosts that will be trusted in addition to Smart Proxies for access to fact/report importers and ENC output'), [], N_('Trusted hosts')),
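Review bot: The description added for `failed_login_attempts_limit` hard-codes "for 5 minutes" in a translated string, while the block duration itself is defined elsewhere (not shown on this page), so the two can drift apart if the expiry is ever changed. It would also help administrators if the text said that the count and the block are per source IP address. With a low limit, users who share an address behind NAT or a reverse proxy are then locked out together. A possible wording for the tail is `Set to 0 to disable bruteforce protection (not recommended on Internet-facing installations)`.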
test/fixtures/settings.yml
category: Setting::General
default: "true"
description: "Should append domain names when new hosts are provisioned"
attribute80:
name: failed_login_attempts_limit
category: Setting::Auth
default: 30
description: "Foreman will block user login after this number of failed login attempts for 5 minutes from offending IP address. Set to 0 to disable bruteforce protection"
