Revision 7595ed066867d8dc0caab54acc7da14f64343024 authored by Gabriel MABILLE on 07 October 2022, 12:30:15 UTC, committed by GitHub on 07 October 2022, 12:30:15 UTC
* FIX: Remove RBAC datasource permissions upon datasource deletion * Use scope provider instead * Fix test
1 parent 0eb3afb
brute_force_login_protection.go
package login
import (
"context"
"time"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/loginattempt"
)
var (
maxInvalidLoginAttempts int64 = 5
loginAttemptsWindow = time.Minute * 5
)
var validateLoginAttempts = func(ctx context.Context, query *models.LoginUserQuery, loginAttemptService loginattempt.Service) error {
if query.Cfg.DisableBruteForceLoginProtection {
return nil
}
loginAttemptCountQuery := models.GetUserLoginAttemptCountQuery{
Username: query.Username,
Since: time.Now().Add(-loginAttemptsWindow),
}
if err := loginAttemptService.GetUserLoginAttemptCount(ctx, &loginAttemptCountQuery); err != nil {
return err
}
if loginAttemptCountQuery.Result >= maxInvalidLoginAttempts {
return ErrTooManyLoginAttempts
}
return nil
}
var saveInvalidLoginAttempt = func(ctx context.Context, query *models.LoginUserQuery, loginAttemptService loginattempt.Service) error {
if query.Cfg.DisableBruteForceLoginProtection {
return nil
}
loginAttemptCommand := models.CreateLoginAttemptCommand{
Username: query.Username,
IpAddress: query.IpAddress,
}
return loginAttemptService.CreateLoginAttempt(ctx, &loginAttemptCommand)
}
Computing file changes ...
