From 42b07f0e03762abd1d943e82970e8beba4a1dad8 Mon Sep 17 00:00:00 2001 From: Luke Pulverenti Date: Sat, 28 Feb 2015 08:43:06 -0500 Subject: [PATCH] support lockout after several unsuccessful login attempts --- .../Configuration/UserConfiguration.cs | 12 -------- .../Library/UserManager.cs | 30 +++++++++++++------ 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/MediaBrowser.Model/Configuration/UserConfiguration.cs b/MediaBrowser.Model/Configuration/UserConfiguration.cs index aa49ee50d..a78161140 100644 --- a/MediaBrowser.Model/Configuration/UserConfiguration.cs +++ b/MediaBrowser.Model/Configuration/UserConfiguration.cs @@ -33,20 +33,12 @@ namespace MediaBrowser.Model.Configuration public bool DisplayMissingEpisodes { get; set; } public bool DisplayUnairedEpisodes { get; set; } - public bool EnableLiveTvManagement { get; set; } - public bool EnableLiveTvAccess { get; set; } - - public bool EnableMediaPlayback { get; set; } - public bool EnableContentDeletion { get; set; } - public bool GroupMoviesIntoBoxSets { get; set; } public string[] DisplayChannelsWithinViews { get; set; } public string[] ExcludeFoldersFromGrouping { get; set; } - public UnratedItem[] BlockUnratedItems { get; set; } - public SubtitlePlaybackMode SubtitleMode { get; set; } public bool DisplayCollectionsView { get; set; } public bool DisplayFoldersView { get; set; } @@ -69,14 +61,10 @@ namespace MediaBrowser.Model.Configuration public UserConfiguration() { PlayDefaultAudioTrack = true; - EnableLiveTvManagement = true; - EnableMediaPlayback = true; - EnableLiveTvAccess = true; LatestItemsExcludes = new string[] { }; OrderedViews = new string[] { }; DisplayChannelsWithinViews = new string[] { }; - BlockUnratedItems = new UnratedItem[] { }; ExcludeFoldersFromGrouping = new string[] { }; DisplayCollectionsView = true; diff --git a/MediaBrowser.Server.Implementations/Library/UserManager.cs b/MediaBrowser.Server.Implementations/Library/UserManager.cs index bf8792461..0f160bc2e 100644 --- a/MediaBrowser.Server.Implementations/Library/UserManager.cs +++ b/MediaBrowser.Server.Implementations/Library/UserManager.cs @@ -259,6 +259,11 @@ namespace MediaBrowser.Server.Implementations.Library { user.LastActivityDate = user.LastLoginDate = DateTime.UtcNow; await UpdateUser(user).ConfigureAwait(false); + await UpdateInvalidLoginAttemptCount(user, 0).ConfigureAwait(false); + } + else + { + await UpdateInvalidLoginAttemptCount(user, user.Policy.InvalidLoginAttemptCount + 1).ConfigureAwait(false); } _logger.Info("Authentication request for {0} {1}.", user.Name, (success ? "has succeeded" : "has been denied")); @@ -266,6 +271,22 @@ namespace MediaBrowser.Server.Implementations.Library return success; } + private async Task UpdateInvalidLoginAttemptCount(User user, int newValue) + { + if (user.Policy.InvalidLoginAttemptCount != newValue || newValue > 0) + { + user.Policy.InvalidLoginAttemptCount = newValue; + + if (newValue >= 3) + { + _logger.Debug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue.ToString(CultureInfo.InvariantCulture)); + user.Policy.IsDisabled = true; + } + + await UpdateUserPolicy(user, user.Policy, false).ConfigureAwait(false); + } + } + private string GetPasswordHash(User user) { return string.IsNullOrEmpty(user.Password) @@ -332,11 +353,6 @@ namespace MediaBrowser.Server.Implementations.Library { if (!user.Configuration.HasMigratedToPolicy) { - user.Policy.BlockUnratedItems = user.Configuration.BlockUnratedItems; - user.Policy.EnableContentDeletion = user.Configuration.EnableContentDeletion; - user.Policy.EnableLiveTvAccess = user.Configuration.EnableLiveTvAccess; - user.Policy.EnableLiveTvManagement = user.Configuration.EnableLiveTvManagement; - user.Policy.EnableMediaPlayback = user.Configuration.EnableMediaPlayback; user.Policy.IsAdministrator = user.Configuration.IsAdministrator; await UpdateUserPolicy(user, user.Policy, false); @@ -915,10 +931,6 @@ namespace MediaBrowser.Server.Implementations.Library } user.Configuration.IsAdministrator = user.Policy.IsAdministrator; - user.Configuration.EnableLiveTvManagement = user.Policy.EnableLiveTvManagement; - user.Configuration.EnableLiveTvAccess = user.Policy.EnableLiveTvAccess; - user.Configuration.EnableMediaPlayback = user.Policy.EnableMediaPlayback; - user.Configuration.EnableContentDeletion = user.Policy.EnableContentDeletion; await UpdateConfiguration(user, user.Configuration, true).ConfigureAwait(false); }