feat: add the FailedSigninLimit and FailedSigninfrozenTime config…

…uration options to the application (casdoor#2552) Add configuration items to the application to limit the number of logins and the login wait time after the maximum number of errors is reached feat: casdoor#2272 fix: fixed the issue where the token parameter could be set to a negative value
99nil · Dec 20, 2023 · 5499e62 · 5499e62
1 parent f8905ae
commit 5499e62
Show file tree

Hide file tree

Showing 30 changed files with 185 additions and 17 deletions.
diff --git a/controllers/application.go b/controllers/application.go
@@ -110,6 +110,14 @@ func (c *ApiController) GetApplication() {
 		}
 	}
 
+	// 0 as an initialization value, corresponding to the default configuration parameters
+	if application.FailedSigninLimit == 0 {
+		application.FailedSigninLimit = object.DefaultFailedSigninLimit
+	}
+	if application.FailedSigninfrozenTime == 0 {
+		application.FailedSigninfrozenTime = object.DefaultFailedSigninfrozenTime
+	}
+
 	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }
 

diff --git a/controllers/auth.go b/controllers/auth.go
@@ -946,8 +946,14 @@ func (c *ApiController) GetCaptchaStatus() {
 		return
 	}
 
+	failedSigninLimit, _, err := object.GetFailedSigninConfigByUser(user)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	var captchaEnabled bool
-	if user != nil && user.SigninWrongTimes >= object.SigninWrongTimesLimit {
+	if user != nil && user.SigninWrongTimes >= failedSigninLimit {
 		captchaEnabled = true
 	}
 	c.ResponseOk(captchaEnabled)

diff --git a/init_data.json.template b/init_data.json.template
@@ -104,7 +104,9 @@
         }
       ],
       "redirectUris": [""],
-      "expireInHours": 168
+      "expireInHours": 168,
+      "failedSigninLimit": 5,
+      "failedSigninfrozenTime": 15
     }
   ],
   "users": [

diff --git a/object/application.go b/object/application.go
@@ -90,6 +90,9 @@ type Application struct {
 	FormOffset           int        `json:"formOffset"`
 	FormSideHtml         string     `xorm:"mediumtext" json:"formSideHtml"`
 	FormBackgroundUrl    string     `xorm:"varchar(200)" json:"formBackgroundUrl"`
+
+	FailedSigninLimit      int `json:"failedSigninLimit"`
+	FailedSigninfrozenTime int `json:"failedSigninfrozenTime"`
 }
 
 func GetApplicationCount(owner, field, value string) (int64, error) {

diff --git a/object/check.go b/object/check.go
@@ -28,8 +28,9 @@ import (
 )
 
 const (
-	SigninWrongTimesLimit     = 5
-	LastSignWrongTimeDuration = time.Minute * 15
+	DefaultFailedSigninLimit = 5
+	// DefaultFailedSigninfrozenTime The unit of frozen time is minutes
+	DefaultFailedSigninfrozenTime = 15
 )
 
 func CheckUserSignup(application *Application, organization *Organization, form *form.AuthForm, lang string) string {
@@ -143,10 +144,15 @@ func CheckUserSignup(application *Application, organization *Organization, form
 }
 
 func checkSigninErrorTimes(user *User, lang string) error {
-	if user.SigninWrongTimes >= SigninWrongTimesLimit {
+	failedSigninLimit, failedSigninfrozenTime, err := GetFailedSigninConfigByUser(user)
+	if err != nil {
+		return err
+	}
+
+	if user.SigninWrongTimes >= failedSigninLimit {
 		lastSignWrongTime, _ := time.Parse(time.RFC3339, user.LastSigninWrongTime)
 		passedTime := time.Now().UTC().Sub(lastSignWrongTime)
-		minutes := int(LastSignWrongTimeDuration.Minutes() - passedTime.Minutes())
+		minutes := failedSigninfrozenTime - int(passedTime.Minutes())
 
 		// deny the login if the error times is greater than the limit and the last login time is less than the duration
 		if minutes > 0 {
@@ -479,7 +485,14 @@ func CheckToEnableCaptcha(application *Application, organization, username strin
 				if err != nil {
 					return false, err
 				}
-				return user != nil && user.SigninWrongTimes >= SigninWrongTimesLimit, nil
+
+				var failedSigninLimit int
+				if application.FailedSigninLimit == 0 {
+					failedSigninLimit = 5
+				} else {
+					failedSigninLimit = application.FailedSigninLimit
+				}
+				return user != nil && user.SigninWrongTimes >= failedSigninLimit, nil
 			}
 			return providerItem.Rule == "Always", nil
 		}

diff --git a/object/check_util.go b/object/check_util.go
@@ -47,18 +47,42 @@ func resetUserSigninErrorTimes(user *User) error {
 	return err
 }
 
+func GetFailedSigninConfigByUser(user *User) (int, int, error) {
+	application, err := GetApplicationByUser(user)
+	if err != nil {
+		return 0, 0, err
+	}
+	failedSigninLimit := application.FailedSigninLimit
+	failedSigninfrozenTime := application.FailedSigninfrozenTime
+
+	// 0 as an initialization value, corresponding to the default configuration parameters
+	if failedSigninLimit == 0 {
+		failedSigninLimit = DefaultFailedSigninLimit
+	}
+	if failedSigninfrozenTime == 0 {
+		failedSigninfrozenTime = DefaultFailedSigninfrozenTime
+	}
+
+	return failedSigninLimit, failedSigninfrozenTime, nil
+}
+
 func recordSigninErrorInfo(user *User, lang string, options ...bool) error {
 	enableCaptcha := false
 	if len(options) > 0 {
 		enableCaptcha = options[0]
 	}
 
+	failedSigninLimit, failedSigninfrozenTime, errSignin := GetFailedSigninConfigByUser(user)
+	if errSignin != nil {
+		return errSignin
+	}
+
 	// increase failed login count
-	if user.SigninWrongTimes < SigninWrongTimesLimit {
+	if user.SigninWrongTimes < failedSigninLimit {
 		user.SigninWrongTimes++
 	}
 
-	if user.SigninWrongTimes >= SigninWrongTimesLimit {
+	if user.SigninWrongTimes >= failedSigninLimit {
 		// record the latest failed login time
 		user.LastSigninWrongTime = time.Now().UTC().Format(time.RFC3339)
 	}
@@ -69,13 +93,13 @@ func recordSigninErrorInfo(user *User, lang string, options ...bool) error {
 		return err
 	}
 
-	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
+	leftChances := failedSigninLimit - user.SigninWrongTimes
 	if leftChances == 0 && enableCaptcha {
 		return fmt.Errorf(i18n.Translate(lang, "check:password or code is incorrect"))
 	} else if leftChances >= 0 {
 		return fmt.Errorf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)
 	}
 
 	// don't show the chance error message if the user has no chance left
-	return fmt.Errorf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
+	return fmt.Errorf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), failedSigninfrozenTime)
 }
diff --git a/web/src/ApplicationEditPage.js b/web/src/ApplicationEditPage.js
@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, ConfigProvider, Input, List, Popover, Radio, Result, Row, Select, Space, Switch, Upload} from "antd";
+import {Button, Card, Col, ConfigProvider, Input, InputNumber, List, Popover, Radio, Result, Row, Select, Space, Switch, Upload} from "antd";
 import {CopyOutlined, LinkOutlined, UploadOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as CertBackend from "./backend/CertBackend";
@@ -199,7 +199,7 @@ class ApplicationEditPage extends React.Component {
   }
 
   parseApplicationField(key, value) {
-    if (["expireInHours", "refreshExpireInHours", "offset"].includes(key)) {
+    if (["offset"].includes(key)) {
       value = Setting.myParseInt(value);
     }
     return value;
@@ -394,8 +394,8 @@ class ApplicationEditPage extends React.Component {
             {Setting.getLabel(i18next.t("application:Token expire"), i18next.t("application:Token expire - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input style={{width: "150px"}} value={this.state.application.expireInHours} suffix="Hours" onChange={e => {
-              this.updateApplicationField("expireInHours", e.target.value);
+            <InputNumber style={{width: "150px"}} value={this.state.application.expireInHours} min={1} step={1} precision={0} addonAfter="Hours" onChange={value => {
+              this.updateApplicationField("expireInHours", value);
             }} />
           </Col>
         </Row>
@@ -404,8 +404,28 @@ class ApplicationEditPage extends React.Component {
             {Setting.getLabel(i18next.t("application:Refresh token expire"), i18next.t("application:Refresh token expire - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input style={{width: "150px"}} value={this.state.application.refreshExpireInHours} suffix="Hours" onChange={e => {
-              this.updateApplicationField("refreshExpireInHours", e.target.value);
+            <InputNumber style={{width: "150px"}} value={this.state.application.refreshExpireInHours} min={1} step={1} precision={0} addonAfter="Hours" onChange={value => {
+              this.updateApplicationField("refreshExpireInHours", value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Failed signin limit"), i18next.t("application:Failed signin limit - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber style={{width: "150px"}} value={this.state.application.failedSigninLimit} min={1} step={1} precision={0} addonAfter="Times" onChange={value => {
+              this.updateApplicationField("failedSigninLimit", value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Failed signin frozen time"), i18next.t("application:Failed signin frozen time - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber style={{width: "150px"}} value={this.state.application.failedSigninfrozenTime} min={1} step={1} precision={0} addonAfter="Minutes" onChange={value => {
+              this.updateApplicationField("failedSigninfrozenTime", value);
             }} />
           </Col>
         </Row>

diff --git a/web/src/locales/ar/data.json b/web/src/locales/ar/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/de/data.json b/web/src/locales/de/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Ob Casdoor eine Sitzung aufrechterhält, nachdem man sich von der Anwendung aus bei Casdoor angemeldet hat",
     "Enable signup": "Registrierung aktivieren",
     "Enable signup - Tooltip": "Ob Benutzern erlaubt werden soll, ein neues Konto zu registrieren",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Fehler bei der Anmeldung",
     "File uploaded successfully": "Datei erfolgreich hochgeladen",
     "First, last": "First, last",

diff --git a/web/src/locales/en/data.json b/web/src/locales/en/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/es/data.json b/web/src/locales/es/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Si Casdoor mantiene una sesión después de iniciar sesión en Casdoor desde la aplicación",
     "Enable signup": "Habilitar registro",
     "Enable signup - Tooltip": "Ya sea permitir que los usuarios registren una nueva cuenta",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Error al iniciar sesión",
     "File uploaded successfully": "Archivo subido exitosamente",
     "First, last": "First, last",

diff --git a/web/src/locales/fa/data.json b/web/src/locales/fa/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/fi/data.json b/web/src/locales/fi/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/fr/data.json b/web/src/locales/fr/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Conserver une session après la connexion à Casdoor à partir de l'application",
     "Enable signup": "Activer l'inscription",
     "Enable signup - Tooltip": "Autoriser la création de nouveaux comptes",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Échec de la connexion",
     "File uploaded successfully": "Fichier téléchargé avec succès",
     "First, last": "Prénom, nom",

diff --git a/web/src/locales/he/data.json b/web/src/locales/he/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/id/data.json b/web/src/locales/id/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Apakah Casdoor mempertahankan sesi setelah login ke Casdoor dari aplikasi",
     "Enable signup": "Aktifkan pendaftaran",
     "Enable signup - Tooltip": "Apakah akan mengizinkan pengguna untuk mendaftar akun baru",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Gagal masuk",
     "File uploaded successfully": "Berkas telah diunggah dengan sukses",
     "First, last": "First, last",

diff --git a/web/src/locales/it/data.json b/web/src/locales/it/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/ja/data.json b/web/src/locales/ja/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "アプリケーションから Casdoor にログイン後、Casdoor がセッションを維持しているかどうか",
     "Enable signup": "サインアップを有効にする",
     "Enable signup - Tooltip": "新しいアカウントの登録をユーザーに許可するかどうか",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "ログインに失敗しました",
     "File uploaded successfully": "ファイルが正常にアップロードされました",
     "First, last": "First, last",

diff --git a/web/src/locales/kk/data.json b/web/src/locales/kk/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/ko/data.json b/web/src/locales/ko/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "애플리케이션에서 Casdoor에 로그인 한 후 Casdoor가 세션을 유지하는 지 여부",
     "Enable signup": "가입 가능하게 만들기",
     "Enable signup - Tooltip": "사용자가 새로운 계정을 등록할지 여부",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "로그인 실패했습니다",
     "File uploaded successfully": "파일이 성공적으로 업로드되었습니다",
     "First, last": "First, last",

diff --git a/web/src/locales/ms/data.json b/web/src/locales/ms/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",

diff --git a/web/src/locales/nl/data.json b/web/src/locales/nl/data.json
@@ -46,6 +46,10 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Failed signin frozen time": "Failed signin frozen time",
+    "Failed signin frozen time - Tooltip": "Failed signin frozen time - Tooltip",
+    "Failed signin limit": "Failed signin limit",
+    "Failed signin limit - Tooltip": "Failed signin limit - Tooltip",
     "Failed to sign in": "Failed to sign in",
     "File uploaded successfully": "File uploaded successfully",
     "First, last": "First, last",