10.2.dev12 sécurité de la connexion au compte

Fred Tempez 2020-05-28 19:03:31 +02:00
parent 9c94e84d82
commit 0d68f00710
4 changed files with 52 additions and 13 deletions


@ -35,15 +35,11 @@ class common {
const THUMBS_SEPARATOR = 'mini_';
const THUMBS_WIDTH = 640;
// Contrôle d'édition temps max en secondes.
// Contrôle d'édition temps max en secondes avant déconnexion 30 minutes
const ACCESS_TIMER = 1800;
// Nombre d'essais
const CONNECT_ATTEMPT = 3;
// Temps mort
const CONNECT_TIMEOUT = 1800;
// Numéro de version
const ZWII_VERSION = '10.2.00.dev11';
const ZWII_VERSION = '10.2.00.dev12';
const ZWII_UPDATE_CHANNEL = "v10";
public static $actions = [];
@ -1314,6 +1310,8 @@ class common {
// Version 10.2.00
if ($this->getData(['core', 'dataVersion']) < 10200) {
$this->deleteData(['admin','colorButtonText']);
$this->setData(['config', 'connect', 'attempt',3]);
$this->setData(['config', 'connect', 'timeout',10]);
$this->setData(['core', 'dataVersion', 10200]);
}
}
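Review bot: The 10.2.00 migration stores `timeout` as 10, but the login check in the user module adds this value directly to a Unix timestamp and compares it with `time()`, so it is treated as seconds. Upgraded sites would therefore get a 10-second lockout, which gives almost no brute-force throttling and matches no key of `$connectTimeout` (0, 120 … 600), so the settings select has nothing to preselect. If ten minutes was intended, the line should read `$this->setData(['config', 'connect', 'timeout', 600]);`. The default configuration for fresh installs is not part of the visible hunks and should be checked for the same unit.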


@ -165,7 +165,22 @@ class config extends common {
'tls' => 'START TLS',
'ssl' => 'SSL/TLS'
];
// Sécurité de la connexion - tentative max avant blocage
public static $connectAttempt = [
999 => 'Aucun',
3 => '3 tentatives',
5 => '5 tentatives',
10=> '10 tentatives'
];
// Sécurité de la connexion - durée du blocage
public static $connectTimeout = [
0 => 'Aucun',
120 => '2 minutes',
240 => '4 minutes',
360 => '6 minutes',
480 => '8 minutes',
600 => '10 minutes'
];
public function generateFiles() {
// Mettre à jour le site map
$successSitemap=$this->createSitemap();
@ -438,6 +453,10 @@ class config extends common {
'username' => $this->getInput('configSmtpUsername',helper::FILTER_STRING_SHORT),
'password' =>helper::encrypt($this->getData(['config','smtp','username']),$this->getInput('configSmtpPassword')),
'sender' => $this->getInput('configSmtpSender',helper::FILTER_MAIL)
],
'connect' => [
'attempt' => $this->getInput('configConnectAttempt',helper::FILTER_INT),
'timeout' => $this->getInput('configConnectTimeout',helper::FILTER_INT),
]
]
]);
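Review bot: The new `'connect'` entries save whatever integer `configConnectAttempt` and `configConnectTimeout` post, with no check that the value is one of the keys offered in `$connectAttempt` and `$connectTimeout`. What `helper::FILTER_INT` enforces is not visible here, but a crafted form post with a negative or very large number would be stored and would silently weaken or distort the login lockout. Consider rejecting values outside the lists before saving, for example with `array_key_exists($attempt, self::$connectAttempt)` and the same test for the timeout. The `999 => 'Aucun'` and `0 => 'Aucun'` options switch the protection off, which deserves a comment saying so next to the arrays.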


@ -348,6 +348,28 @@
</div>
</div>
</div>
<div class="row">
<div class="col12">
<div class="block">
<h4>Connexion</h4>
<div class="row">
<div class="col4">
<?php echo template::select('configConnectAttempt', $module::$connectAttempt , [
'label' => 'Echecs avant blocage',
'selected' => $this->getData(['config', 'connect', 'attempt'])
]); ?>
</div>
<div class="col4">
<?php echo template::select('configConnectTimeout', $module::$connectTimeout , [
'label' => 'Durée du blocage',
'selected' => $this->getData(['config', 'connect', 'timeout'])
]); ?>
</div>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col12">
<div class="block">


@ -333,10 +333,10 @@ class user extends common {
if($this->isPost()) {
$userId = $this->getInput('userLoginId', helper::FILTER_ID, true);
// Contrôle du time out
if ( $this->getData(['user',$userId,'connectTimeout']) + self::CONNECT_TIMEOUT > time() &&
$this->getData(['user',$userId,'connectFail']) > self::CONNECT_ATTEMPT ) {
if ( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) > time() &&
$this->getData(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt']) ) {
$this->addOutput([
'notification' => 'Accès bloqué pour ' . self::CONNECT_TIMEOUT . ' minutes'
'notification' => 'Accès bloqué pour ' . $this->getData(['config', 'connect', 'timeout']) . ' minutes'
]);
}
// Connexion si les informations sont correctes
@ -378,10 +378,10 @@ class user extends common {
$this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
}
// Mettre à jour le timer
if ( $this->getdata(['user',$userId,'connectFail']) > self::CONNECT_ATTEMPT) {
$notification = 'Trop de tentatives, accès bloqué durant ' . self::CONNECT_TIMEOUT / 360 . ' minutes après chaque tentative infructueuse';
if ( $this->getdata(['user',$userId,'connectFail']) > $this->getData(['config', 'connect', 'attempt'])) {
$notification = 'Trop de tentatives, accès bloqué durant ' . $this->getData(['config', 'connect', 'timeout']) . ' minutes.';
// Ne pas incrémenter le timer si actif
if ($this->getData(['user',$userId,'connectTimeout']) + self::CONNECT_TIMEOUT < time() ) {
if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time() ) {
$this->setData(['user',$userId,'connectTimeout', time()]);
}
} else {
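Review bot: Both new notifications print the raw `timeout` value followed by "minutes", yet that value is in seconds, since it is added to `connectTimeout` and compared with `time()` and the config list is keyed 120 … 600. A user would be told the block lasts "600 minutes"; divide before display, e.g. `'Accès bloqué pour ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes'`, and do the same in the "Trop de tentatives" message. The comparison `connectFail > attempt` also blocks only after one more failure than the label "Echecs avant blocage" suggests; `>=` would match the setting. In the first hunk the blocked branch only adds a notification and the visible lines do not show it stopping the credential check that follows; the function body continues outside both hunks, so please confirm that a blocked account cannot still log in.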