Commit 60cb14d3 authored by Dominik Hebeler's avatar Dominik Hebeler

Merge branch '1232-disable-fail2ban' into 'development'

Resolve "Disable Fail2ban"

Closes #1232

See merge request !2019
parents 8a85dea9 72bb2eb7
......@@ -60,10 +60,14 @@ class HumanVerification extends Controller
// Extract the correct solution to this captcha for generating the Audio Captcha
$text = implode(" ", $captcha->getText());
// Make sure each capture can only be tried once
$captcha_id = Crypt::encryptString(md5(microtime(true) . $text));
$tts_url = TTSController::CreateTTSUrl($text, Localization::getLanguage());
\App\PrometheusExporter::CaptchaShown();
return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with("id", $captcha_id)
->with('url', $redirect_url)
->with("key", $request->input("key"))
->with('correct', $captcha_key["key"])
......@@ -90,7 +94,21 @@ class HumanVerification extends Controller
$rules = ['captcha' => 'required|captcha_api:' . $lockedKey . ',math'];
$validator = validator()->make(request()->all(), $rules);
if (empty($lockedKey) || $validator->fails() || !$request->has("key") || !Cache::has($request->input("key"))) {
// There will be an entry in Cache for this key if this same captcha was already tried
$captcha_id = $request->input("id", "");
if (!empty($captcha_id)) {
try {
$captcha_id = Crypt::decryptString($captcha_id);
} catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
$captcha_id = "";
}
// If this is not a md5
if (strlen($captcha_id) !== 32 || !ctype_xdigit($captcha_id)) {
$captcha_id = "";
}
}
if (empty($captcha_id) || Cache::has($captcha_id) || empty($lockedKey) || $validator->fails() || !$request->has("key") || !Cache::has($request->input("key"))) {
$params = [
"url" => $redirect_url,
"e" => "",
......@@ -99,6 +117,7 @@ class HumanVerification extends Controller
if ($request->has("dnaa")) {
$params["dnaa"] = true;
}
Cache::put($captcha_id, true, now()->addMinutes(10));
return redirect(route('captcha_show', $params));
} else {
// Check if the user wants to store a cookie
......@@ -149,6 +168,8 @@ class HumanVerification extends Controller
$human_verification->unlockUser();
$human_verification->verifyUser();
Cache::put($captcha_id, true, now()->addMinutes(10));
return redirect($url);
}
}
......@@ -170,30 +191,6 @@ class HumanVerification extends Controller
}
}
public static function logCaptcha(Request $request)
{
$fail2banEnabled = config("metager.metager.fail2ban.enabled");
if (empty($fail2banEnabled) || !$fail2banEnabled || !config("metager.metager.fail2ban.url") || !config("metager.metager.fail2ban.user") || !config("metager.metager.fail2ban.password")) {
return;
}
// Submit fetch job to worker
$mission = [
"resulthash" => "captcha",
"url" => config("metager.metager.fail2ban.url") . "/captcha/",
"useragent" => "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0",
"username" => config("metager.metager.fail2ban.user"),
"password" => config("metager.metager.fail2ban.password"),
"headers" => [
"ip" => $request->ip()
],
"cacheDuration" => 0,
"name" => "Captcha",
];
$mission = json_encode($mission);
Redis::rpush(\App\MetaGer::FETCHQUEUE_KEY, $mission);
}
public static function remove(Request $request)
{
if (!$request->has('hv') || !Cache::has($request->input("hv"))) {
......
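Review bot: In the redirect branch of the second hunk, `Cache::put($captcha_id, true, now()->addMinutes(10));` runs with `$captcha_id` possibly equal to `""`, because the surrounding condition enters that branch exactly when `empty($captcha_id)` holds, so every submission with a missing or undecryptable id writes an empty-string key into the cache. Guard it with `if ($captcha_id !== "") { Cache::put($captcha_id, true, now()->addMinutes(10)); }` or move the put under the id check. The replay protection is also check-then-act: `Cache::has($captcha_id)` in the condition and the two `Cache::put` calls (this one and the one in the success path of the following hunk) are separate round-trips, so two submissions of the same id arriving together both pass. `Cache::add()` returns `false` when the key already exists and is atomic on the Redis and Memcached stores, so `$replayed = $captcha_id === "" || !Cache::add($captcha_id, true, now()->addMinutes(10));` used in place of the `empty($captcha_id) || Cache::has($captcha_id)` terms would reserve the id in one step and let both `Cache::put` lines be dropped. The enclosing method starts before and ends after these hunks.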
......@@ -82,7 +82,6 @@ class HumanVerification
# If the user is locked we will force a Captcha validation
if ($user->isLocked()) {
$user->saveUser();
\App\Http\Controllers\HumanVerification::logCaptcha($request);
\app()->make(QueryTimer::class)->observeEnd(self::class);
$this->logCaptcha($request, $user);
echo redirect()->route('captcha_show', ["url" => URL::full(), "key" => $user->key]); // TODO uncomment
......
......@@ -39,7 +39,6 @@ class Spam
$browser->setUserAgent($_SERVER["AGENT"]);
if ($browser->browser() === "Chrome" && $browser->version($browser->browser()) === "91.0.4472.77") {
$this->logFail2Ban($request->ip());
abort(404);
}
// ToDo Remove Log
......@@ -69,28 +68,4 @@ class Spam
return $next($request);
}
private function logFail2Ban($ip)
{
$fail2banEnabled = config("metager.metager.fail2ban.enabled");
if (empty($fail2banEnabled) || !$fail2banEnabled || !config("metager.metager.fail2ban.url") || !config("metager.metager.fail2ban.user") || !config("metager.metager.fail2ban.password")) {
return;
}
// Submit fetch job to worker
$mission = [
"resulthash" => "browserverification.ban",
"url" => config("metager.metager.fail2ban.url") . "/spam/",
"useragent" => "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0",
"username" => config("metager.metager.fail2ban.user"),
"password" => config("metager.metager.fail2ban.password"),
"headers" => [
"ip" => $ip
],
"cacheDuration" => 0,
"name" => "Captcha",
];
$mission = json_encode($mission);
Redis::rpush(\App\MetaGer::FETCHQUEUE_KEY, $mission);
}
}
}
\ No newline at end of file
<?php
namespace App\Listeners;
use Illuminate\Auth\Events\Failed;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Support\Facades\Redis;
use Illuminate\Support\Facades\Request;
class LogFailedAuthenticationAttempt
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param Failed $event
* @return void
*/
public function handle(Failed $event)
{
// Authentication failed Let's log the user
$fail2banEnabled = config("metager.metager.fail2ban.enabled");
if(empty($fail2banEnabled) || !$fail2banEnabled || !config("metager.metager.fail2ban.url") || !config("metager.metager.fail2ban.user") || !config("metager.metager.fail2ban.password")){
return;
}
// Submit fetch job to worker
$mission = [
"resulthash" => "captcha",
"url" => config("metager.metager.fail2ban.url") . "/mgadmin/",
"useragent" => "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0",
"username" => config("metager.metager.fail2ban.user"),
"password" => config("metager.metager.fail2ban.password"),
"headers" => [
"ip" => Request::ip()
],
"cacheDuration" => 0,
"name" => "Captcha",
];
$mission = json_encode($mission);
Redis::rpush(\App\MetaGer::FETCHQUEUE_KEY, $mission);
}
}
......@@ -12,11 +12,7 @@ class EventServiceProvider extends ServiceProvider
*
* @var array
*/
protected $listen = [
'Illuminate\Auth\Events\Failed' => [
'App\Listeners\LogFailedAuthenticationAttempt',
],
];
protected $listen = [];
/**
* Register any events for your application.
......@@ -39,4 +35,4 @@ class EventServiceProvider extends ServiceProvider
{
return false;
}
}
}
\ No newline at end of file
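Review bot: With `protected $listen = [];` no listener for `Illuminate\Auth\Events\Failed` remains, so as far as this diff shows a failed login leaves no record at all, not merely no fail2ban push. If the intent of #1232 is only to drop the remote ban job, a log-only listener keeps the signal for incident review without the external dependency, e.g. a `handle(Failed $event)` containing `Log::warning('Authentication failed', ['ip' => Request::ip()]);`. Whether another component already records these events cannot be seen from this diff, so this is worth confirming before merging.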
......@@ -6,6 +6,7 @@
<h1>@lang('captcha.1')</h1>
<p>@lang('captcha.2')</p>
<form method="post" action="{{ route('captcha_solve') }}" target="_top">
<input type="hidden" name="id" value="{{ $id }}">
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="key" value="{{ $key }}">
<input type="hidden" name="begin" value="{{ \microtime(true) }}">
......