(fix) correctly block if fail count is within interval (fixes #2850)

Alinto · Dec 15, 2016 · f0085ef · f0085ef
1 parent e010808
commit f0085ef
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/SoObjects/SOGo/SOGoCache.m b/SoObjects/SOGo/SOGoCache.m
@@ -505,6 +505,8 @@ - (void) setFailedCount: (int) theCount
         {
           [d setObject: [NSNumber numberWithUnsignedInt: [[NSCalendarDate date] timeIntervalSince1970]] forKey: @"InitialDate"];
         }
+
+      [d setObject: [NSNumber numberWithUnsignedInt: [[NSCalendarDate date] timeIntervalSince1970]] forKey: @"LastRequestDate"];
 
       [d setObject: count  forKey: @"FailedCount"];
       [self _cacheValues: [d jsonRepresentation]

diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
@@ -531,9 +531,9 @@ - (BOOL) checkLogin: (NSString *) _login
               grace: (int *) _grace
            useCache: (BOOL) useCache
 {
+  NSString *dictPassword, *username, *jsonUser;
   NSMutableDictionary *currentUser;
   NSDictionary *failedCount;
-  NSString *dictPassword, *username, *jsonUser;
   SOGoSystemDefaults *sd;
   BOOL checkOK;
 
@@ -573,23 +573,25 @@ - (BOOL) checkLogin: (NSString *) _login
   failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
   if (failedCount)
     {
-      unsigned int current_time, start_time, delta, block_time;
+      unsigned int current_time, last_request_time, start_time, delta_start, delta_last_request, block_time;
 
       current_time = [[NSCalendarDate date] timeIntervalSince1970];
       start_time = [[failedCount objectForKey: @"InitialDate"] unsignedIntValue];
-      delta = current_time - start_time;
+      last_request_time = [[failedCount objectForKey: @"LastRequestDate"] unsignedIntValue];
+      delta_start = current_time - start_time;
+      delta_last_request = current_time - last_request_time;
 
       block_time = [sd failedLoginBlockInterval];
 
       if ([[failedCount objectForKey: @"FailedCount"] intValue] >= [sd maximumFailedLoginCount] &&
-          delta >= [sd maximumFailedLoginInterval] &&
-          delta <= block_time )
+          delta_last_request >= [sd maximumFailedLoginInterval] &&
+          delta_start <= block_time )
         {
           *_perr = PolicyAccountLocked;
           return NO;
         }
 
-      if (delta > block_time)
+      if (delta_start > block_time)
         {
           [[SOGoCache sharedCache] setFailedCount: 0
                                          forLogin: username];