
[auth] Fix #13568; disable auth system after 5 wrong password attempts

dakcarto committed Oct 23, 2015
1 parent b65b595 commit dfb476a527128b4958c9c807d8d38632cb54287d
@@ -512,6 +512,14 @@ bool QgsAuthManager::verifyMasterPassword( const QString &compare )

emit masterPasswordVerified( false );
}
++mPassTries;
if ( mPassTries >= 5 )
{
mAuthDisabled = true;
const char* err = QT_TR_NOOP( "Master password: failed 5 times authentication system DISABLED" );


m-kuhn Oct 23, 2015

Member

What do you think about adding "Please close and reopen QGIS to retry."?


dakcarto Oct 23, 2015

Author Member

Yes, that would be good. Didn't read this in time, though. Will add next week to master

QgsDebugMsg( err );
emit messageOut( tr( err ), authManTag(), WARNING );
}
return false;
}
else
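Review bot: The limit `5` is a bare literal in `if ( mPassTries >= 5 )`, is repeated inside the message string, and appears again as `passfailed >= 5` in both QgsCredentialDialog hunks, so these places can drift apart; a single named constant, e.g. `static const int sMaxMasterPassTries = 5;`, shared by the manager and the dialog would keep them in step. The counter is initialised to 0 in the constructor hunk and nothing visible here resets it after a successful verification, so it is worth confirming in the part of verifyMasterPassword outside this hunk whether failures are meant to accumulate for the whole session. Because the count lives only in a member variable, I would also add a comment above the check such as `// per-process limit on interactive guessing only; gives no protection if the auth database file itself is copied`. The function body starts before and continues past the hunk.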
@@ -2800,6 +2808,7 @@ QgsAuthManager::QgsAuthManager()
, mAuthDbPath( QString() )
, mQcaInitializer( 0 )
, mMasterPass( QString() )
, mPassTries( 0 )
, mAuthDisabled( false )
, mScheduledDbEraseTimer( 0 )
, mScheduledDbErase( false )
@@ -607,6 +607,7 @@ class CORE_EXPORT QgsAuthManager : public QObject
QHash<QString, QgsAuthMethod*> mAuthMethods;

QString mMasterPass;
int mPassTries;
bool mAuthDisabled;
QString mAuthDisabledMessage;
QTimer *mScheduledDbEraseTimer;
@@ -73,14 +73,14 @@ void QgsMasterPasswordResetDialog::on_leMasterPassCurrent_textChanged( const QSt
{
// since this is called on every keystroke, block signals emitted during verification of password
QgsAuthManager::instance()->blockSignals( true );
mPassCurOk = !pass.isEmpty() && QgsAuthManager::instance()->setMasterPassword( pass, true );
mPassCurOk = !pass.isEmpty();
QgsAuthManager::instance()->blockSignals( false );
validatePasswords();
}

void QgsMasterPasswordResetDialog::on_leMasterPassNew_textChanged( const QString& pass )
{
mPassNewOk = !pass.isEmpty() && !QgsAuthManager::instance()->masterPasswordSame( pass );
mPassNewOk = !pass.isEmpty();
validatePasswords();
}
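Review bot: With the call into QgsAuthManager gone from on_leMasterPassCurrent_textChanged (assuming the second line of each duplicated pair is the new side), the `blockSignals( true )` / `blockSignals( false )` pair and the comment about blocking signals "during verification of password" no longer describe anything the slot does; they can be dropped, leaving `mPassCurOk = !pass.isEmpty();` and `validatePasswords();`. The OK button is now enabled by any non-empty current password, and a new password equal to the current one is no longer rejected here, so the real checks have to happen when the dialog is accepted, which is outside this hunk. A comment such as `// only checks for non-empty input; the current password is verified on accept, presumably so that typing does not count as failed attempts` would record why.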

@@ -96,10 +96,12 @@ void QgsMasterPasswordResetDialog::on_chkPassShowNew_stateChanged( int state )

void QgsMasterPasswordResetDialog::validatePasswords()
{
QString ss = mPassCurOk ? QgsAuthGuiUtils::greenTextStyleSheet( "QLineEdit" )
: QgsAuthGuiUtils::redTextStyleSheet( "QLineEdit" );
leMasterPassCurrent->setStyleSheet( ss );
leMasterPassNew->setStyleSheet( ss );
QString ss1 = mPassCurOk ? QgsAuthGuiUtils::greenTextStyleSheet( "QLineEdit" )
: QgsAuthGuiUtils::redTextStyleSheet( "QLineEdit" );
leMasterPassCurrent->setStyleSheet( ss1 );
QString ss2 = mPassNewOk ? QgsAuthGuiUtils::greenTextStyleSheet( "QLineEdit" )
: QgsAuthGuiUtils::redTextStyleSheet( "QLineEdit" );
leMasterPassNew->setStyleSheet( ss2 );
buttonBox->button( QDialogButtonBox::Ok )->setEnabled( mPassCurOk && mPassNewOk );
}

@@ -190,6 +190,11 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
{
break;
}

if ( passfailed >= 5 )
{
break;
}
}

// don't leave master password in singleton's text field, or the ability to show it
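Review bot: `passfailed` is a counter local to the dialog, separate from the `mPassTries` that QgsAuthManager increments, so the two limits only coincide when this request starts with a manager that has recorded no failures; if the manager has already counted some earlier in the session, it may disable itself while this loop keeps prompting until its own count reaches 5. Breaking out of the loop here, and calling `close()` in the later hunk of this function, on the manager's disabled state rather than on a second copy of the literal would keep a single source of truth. The loop and the function body start outside the hunk, so how `passfailed` is incremented is not visible here.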
@@ -205,6 +210,11 @@ void QgsCredentialDialog::requestCredentialsMasterPassword( QString * password,
mOkButton->setEnabled( true );

QApplication::restoreOverrideCursor();

if ( passfailed >= 5 )
{
close();
}
}

void QgsCredentialDialog::on_chkMasterPassShow_stateChanged( int state )
