[auth] Fix #13568; disable auth system after 5 wrong password attempts

Author: dakcarto

src/core/auth/qgsauthmanager.cpp

@@ -512,6 +512,14 @@ bool QgsAuthManager::verifyMasterPassword( const QString &compare )
 
         emit masterPasswordVerified( false );
       }
+      ++mPassTries;
+      if ( mPassTries >= 5 )
+      {
+        mAuthDisabled = true;
+        const char* err = QT_TR_NOOP( "Master password: failed 5 times authentication system DISABLED" );
+        QgsDebugMsg( err );
+        emit messageOut( tr( err ), authManTag(), WARNING );
+      }
       return false;
     }
     else
@@ -2800,6 +2808,7 @@ QgsAuthManager::QgsAuthManager()
     , mAuthDbPath( QString() )
     , mQcaInitializer( 0 )
     , mMasterPass( QString() )
+    , mPassTries( 0 )
     , mAuthDisabled( false )
     , mScheduledDbEraseTimer( 0 )
     , mScheduledDbErase( false )

src/core/auth/qgsauthmanager.h

@@ -607,6 +607,7 @@ class CORE_EXPORT QgsAuthManager : public QObject
     QHash<QString, QgsAuthMethod*> mAuthMethods;
 
     QString mMasterPass;
+    int mPassTries;
     bool mAuthDisabled;
     QString mAuthDisabledMessage;
     QTimer *mScheduledDbEraseTimer;

src/gui/auth/qgsauthmasterpassresetdialog.cpp

@@ -73,14 +73,14 @@ void QgsMasterPasswordResetDialog::on_leMasterPassCurrent_textChanged( const QSt
 {
   // since this is called on every keystroke, block signals emitted during verification of password
   QgsAuthManager::instance()->blockSignals( true );
-  mPassCurOk = !pass.isEmpty() && QgsAuthManager::instance()->setMasterPassword( pass, true );
+  mPassCurOk = !pass.isEmpty();
   QgsAuthManager::instance()->blockSignals( false );
   validatePasswords();
 }
 
 void QgsMasterPasswordResetDialog::on_leMasterPassNew_textChanged( const QString& pass )
 {
-  mPassNewOk = !pass.isEmpty() && !QgsAuthManager::instance()->masterPasswordSame( pass );
+  mPassNewOk = !pass.isEmpty();
   validatePasswords();
 }
 
@@ -96,10 +96,12 @@ void QgsMasterPasswordResetDialog::on_chkPassShowNew_stateChanged( int state )
 
 void QgsMasterPasswordResetDialog::validatePasswords()
 {
-  QString ss = mPassCurOk ? QgsAuthGuiUtils::greenTextStyleSheet( "QLineEdit" )
-               : QgsAuthGuiUtils::redTextStyleSheet( "QLineEdit" );
-  leMasterPassCurrent->setStyleSheet( ss );
-  leMasterPassNew->setStyleSheet( ss );
+  QString ss1 = mPassCurOk ? QgsAuthGuiUtils::greenTextStyleSheet( "QLineEdit" )
+                : QgsAuthGuiUtils::redTextStyleSheet( "QLineEdit" );
+  leMasterPassCurrent->setStyleSheet( ss1 );
+  QString ss2 = mPassNewOk ? QgsAuthGuiUtils::greenTextStyleSheet( "QLineEdit" )
+                : QgsAuthGuiUtils::redTextStyleSheet( "QLineEdit" );
+  leMasterPassNew->setStyleSheet( ss2 );
   buttonBox->button( QDialogButtonBox::Ok )->setEnabled( mPassCurOk && mPassNewOk );
 }
 

src/gui/qgscredentialdialog.cpp

@@ -190,6 +190,11 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
     {
       break;
     }
+
+    if ( passfailed >= 5 )
+    {
+      break;
+    }
   }
 
   // don't leave master password in singleton's text field, or the ability to show it
@@ -205,6 +210,11 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
   mOkButton->setEnabled( true );
 
   QApplication::restoreOverrideCursor();
+
+  if ( passfailed >= 5 )
+  {
+    close();
+  }
 }
 
 void QgsCredentialDialog::on_chkMasterPassShow_stateChanged( int state )