
[REF] description;

pull/262/head
Sylvain LE GAL 9 years ago
parent
commit
298803eaec
  1. 41
      auth_brute_force/README.rst
  2. 6
      auth_brute_force/__openerp__.py
  3. 2
      auth_brute_force/controllers/controllers.py
  4. 2
      auth_brute_force/data/ir_config_parameter.xml
  5. 2
      auth_brute_force/models/res_authentication_attempt.py
  6. 2
      auth_brute_force/models/res_banned_remote.py
  7. 2
      auth_brute_force/views/action.xml
  8. 2
      auth_brute_force/views/menu.xml
  9. 2
      auth_brute_force/views/view.xml

41
auth_brute_force/README.rst

@ -1,22 +1,25 @@
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
:alt: License
==============================================
Authentication Tracking and Prevent Brut Force
==============================================
=======================================================
Authentication Tracking and Prevent Brute-force Attacks
=======================================================
This module register each request done by users trying to authenticate into
This module registers each request done by users trying to authenticate into
Odoo. If the authentication fails, a counter is increased for the given remote
IP. After 10 attempts (or other quantity, depending on an ir.config_parameter),
Odoo will ban the remote IP and ignore new requests.
Admin user have the possibility to unblock a banned IP.
IP. After after a defined number of attempts, Odoo will ban the remote IP and
ignore new requests.
This module applies [security through obscurity]
(https://en.wikipedia.org/wiki/Security_through_obscurity):
When a user is banned, the request is now considered as an attack. So, the UI
will **not** indicate to the user that his IP is banned and the regular message
'Wrong login/password' is displayed.
This module realizes a call to a web API (http://ip-api.com) to try to have
extra informations about remote IP.
Note and Warning
----------------
Known issue / Roadmap
---------------------
The ID used to identify a remote request is the IP provided in the request
(key 'REMOTE_ADDR').
Depending of server and / or user network configuration, the idenfication
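Review bot: The new "security through obscurity" reference is written as a Markdown link (`[security through obscurity]` followed by the URL in parentheses on the next line), which will not render in README.rst; use the RST form `` `security through obscurity <https://en.wikipedia.org/wiki/Security_through_obscurity>`_ ``. In the same paragraph, "After after a defined number of attempts" repeats a word, and "extra informations" should be "extra information". Since the text says the module calls http://ip-api.com for each remote IP, the README should also say that this lookup goes to a third party over plain HTTP, so an administrator knows that client addresses leave the server.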
@ -27,6 +30,18 @@ of the user can be wrong, and mainly in the following cases:
* If some users are behind the same Internet Service Provider, if a user is
banned, all the other users will be banned to;
Configuration
-------------
Once installed, you can change the ir.config_parameter value for the key
'auth_brute_force.max_attempt_qty' (10 by default) that define the max number
of attempts allowed before the user was banned.
Usage
-----
Admin user have the possibility to unblock a banned IP.
Logging
-------
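Review bot: In the new Configuration section, "before the user was banned" does not match the rest of the README, which says the ban is keyed on the remote IP ('REMOTE_ADDR') and not on a user account. Suggest "that defines the maximum number of failed attempts allowed before the remote IP is banned". Because the Known issue list just above notes that users behind the same provider are banned together, it is worth pointing to that from here, as it is the practical cost of setting 'auth_brute_force.max_attempt_qty' low.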
@ -47,11 +62,11 @@ Screenshot
**List of Attempts**
.. image:: /auth_brut_force/static/description/screenshot_attempts_list.png
.. image:: /auth_brute_force/static/description/screenshot_attempts_list.png
**Detail of a banned IP**
.. image:: /auth_brut_force/static/description/screenshot_custom_ban.png
.. image:: /auth_brute_force/static/description/screenshot_custom_ban.png
Usage
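Review bot: The trailing context of this hunk still shows a "Usage" heading after the screenshots, while the previous hunk places a "Usage" section right after Configuration, so the README appears to end up with two sections of the same title. Duplicate section titles in RST produce duplicate implicit targets; merge the two or rename one. The path fix from auth_brut_force to auth_brute_force itself matches the renamed module directory in the file list.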
@ -73,7 +88,7 @@ Bug Tracker
Bugs are tracked on `GitHub Issues <https://github.com/OCA/web/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback
`here <https://github.com/OCA/web/issues/new?body=module:%20auth_brut_force%0Aversion:%208.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
`here <https://github.com/OCA/web/issues/new?body=module:%20auth_brute_force%0Aversion:%208.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
Credits
=======

6
auth_brute_force/__openerp__.py

@ -1,7 +1,7 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Authentification - Track And Prevent Brut Force module for Odoo
# Authentification - Track And Prevent Brute-force Attack module for Odoo
# Copyright (C) 2015-Today GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#
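Review bot: The header line being rewritten keeps the spelling "Authentification" while the README title and the manifest summary use "Authentication". As this commit touches the same header in every file of the module, it is the cheapest point to correct the spelling everywhere in one pass.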
@ -21,10 +21,10 @@
##############################################################################
{
'name': 'Authentification - Track And Prevent Brut Force',
'name': 'Authentification - Brute-force Attack',
'version': '8.0.1.0.0',
'category': 'base',
'summary': "Authentication Tracking and Prevent Brut Force",
'summary': "Authentication Tracking and Prevent Brute-force Attack",
'author': "GRAP,Odoo Community Association (OCA)",
'website': 'http://www.grap.coop',
'license': 'AGPL-3',
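Review bot: The new 'name' value, 'Authentification - Brute-force Attack', drops "Track And Prevent" and now reads as if the module performs an attack; in the apps list that is the only text an administrator sees. Suggest something like 'Authentication - Brute-force Attack Prevention', which also aligns the spelling with the 'summary' line ("Authentication Tracking and Prevent Brute-force Attack").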

2
auth_brute_force/controllers/controllers.py

@ -1,7 +1,7 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Authentification - Track And Prevent Brut Force module for Odoo
# Authentification - Track And Prevent Brute-force Attack module for Odoo
# Copyright (C) 2015-Today GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#

2
auth_brute_force/data/ir_config_parameter.xml

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- ********************************************************************** -->
<!--Authentification - Track And Prevent Brut Force module for Odoo -->
<!--Authentification - Track And Prevent Brute-force Attack module for Odoo -->
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) -->
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) -->

2
auth_brute_force/models/res_authentication_attempt.py

@ -1,7 +1,7 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Authentification - Track And Prevent Brut Force module for Odoo
# Authentification - Track And Prevent Brute-force Attack module for Odoo
# Copyright (C) 2015-Today GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#

2
auth_brute_force/models/res_banned_remote.py

@ -1,7 +1,7 @@
# -*- encoding: utf-8 -*-
##############################################################################
#
# Authentification - Track And Prevent Brut Force module for Odoo
# Authentification - Track And Prevent Brute-force Attack module for Odoo
# Copyright (C) 2015-Today GRAP (http://www.grap.coop)
# @author Sylvain LE GAL (https://twitter.com/legalsylvain)
#

2
auth_brute_force/views/action.xml

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- ********************************************************************** -->
<!--Authentification - Track And Prevent Brut Force module for Odoo -->
<!--Authentification - Track And Prevent Brute-force Attack module for Odoo -->
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) -->
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) -->

2
auth_brute_force/views/menu.xml

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- ********************************************************************** -->
<!--Authentification - Track And Prevent Brut Force module for Odoo -->
<!--Authentification - Track And Prevent Brute-force Attack module for Odoo -->
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) -->
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) -->

2
auth_brute_force/views/view.xml

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- ********************************************************************** -->
<!--Authentification - Track And Prevent Brut Force module for Odoo -->
<!--Authentification - Track And Prevent Brute-force Attack module for Odoo -->
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) -->
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) -->
