Browse Source
Merge pull request #262 from grap/8.0_ADD_auth_track_and_prevent_brut_force
Merge pull request #262 from grap/8.0_ADD_auth_track_and_prevent_brut_force
[ADD] auth track and prevent brut forcepull/356/head
Maxime Chambreuil - http://www.savoirfairelinux.com
9 years ago
18 changed files with 893 additions and 0 deletions
-
114auth_brute_force/README.rst
-
3auth_brute_force/__init__.py
-
42auth_brute_force/__openerp__.py
-
2auth_brute_force/controllers/__init__.py
-
104auth_brute_force/controllers/controllers.py
-
29auth_brute_force/data/ir_config_parameter.xml
-
150auth_brute_force/i18n/auth_brute_force.pot
-
120auth_brute_force/i18n/fr.po
-
3auth_brute_force/models/__init__.py
-
58auth_brute_force/models/res_authentication_attempt.py
-
71auth_brute_force/models/res_banned_remote.py
-
28auth_brute_force/security/ir_model_access.yml
-
BINauth_brute_force/static/description/icon.png
-
BINauth_brute_force/static/description/screenshot_attempts_list.png
-
BINauth_brute_force/static/description/screenshot_custom_ban.png
-
39auth_brute_force/views/action.xml
-
32auth_brute_force/views/menu.xml
-
98auth_brute_force/views/view.xml
@ -0,0 +1,114 @@ |
|||||
|
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg |
||||
|
:alt: License |
||||
|
|
||||
|
=============================================================== |
||||
|
Tracks Authentication Attempts and Prevents Brute-force Attacks |
||||
|
=============================================================== |
||||
|
|
||||
|
This module registers each request done by users trying to authenticate into |
||||
|
Odoo. If the authentication fails, a counter is increased for the given remote |
||||
|
IP. After after a defined number of attempts, Odoo will ban the remote IP and |
||||
|
ignore new requests. |
||||
|
This module applies security through obscurity |
||||
|
(https://en.wikipedia.org/wiki/Security_through_obscurity), |
||||
|
When a user is banned, the request is now considered as an attack. So, the UI |
||||
|
will **not** indicate to the user that his IP is banned and the regular message |
||||
|
'Wrong login/password' is displayed. |
||||
|
|
||||
|
This module realizes a call to a web API (http://ip-api.com) to try to have |
||||
|
extra informations about remote IP. |
||||
|
|
||||
|
Known issue / Roadmap |
||||
|
--------------------- |
||||
|
The ID used to identify a remote request is the IP provided in the request |
||||
|
(key 'REMOTE_ADDR'). |
||||
|
Depending of server and / or user network configuration, the idenfication |
||||
|
of the user can be wrong, and mainly in the following cases: |
||||
|
|
||||
|
* if the Odoo server is behind an Apache / NGinx proxy without redirection, |
||||
|
all the request will be have the value '127.0.0.1' for the REMOTE_ADDR key; |
||||
|
* If some users are behind the same Internet Service Provider, if a user is |
||||
|
banned, all the other users will be banned too; |
||||
|
|
||||
|
Configuration |
||||
|
------------- |
||||
|
|
||||
|
Once installed, you can change the ir.config_parameter value for the key |
||||
|
'auth_brute_force.max_attempt_qty' (10 by default) that define the max number |
||||
|
of attempts allowed before the user was banned. |
||||
|
|
||||
|
Usage |
||||
|
----- |
||||
|
|
||||
|
Admin user have the possibility to unblock a banned IP. |
||||
|
|
||||
|
Logging |
||||
|
------- |
||||
|
|
||||
|
This module generates some WARNING logs, in the three following cases: |
||||
|
|
||||
|
* Authentication failed from remote '127.0.0.1'. Login tried : 'admin'. |
||||
|
Attempt 1 / 10. |
||||
|
|
||||
|
* Authentication failed from remote '127.0.0.1'. The remote has been banned. |
||||
|
Login tried : 'admin'. |
||||
|
|
||||
|
* Authentication tried from remote '127.0.0.1'. The request has been ignored |
||||
|
because the remote has been banned after 10 attempts without success. Login |
||||
|
tried : 'admin'. |
||||
|
|
||||
|
Screenshot |
||||
|
---------- |
||||
|
|
||||
|
**List of Attempts** |
||||
|
|
||||
|
.. image:: /auth_brute_force/static/description/screenshot_attempts_list.png |
||||
|
|
||||
|
**Detail of a banned IP** |
||||
|
|
||||
|
.. image:: /auth_brute_force/static/description/screenshot_custom_ban.png |
||||
|
|
||||
|
|
||||
|
Usage |
||||
|
===== |
||||
|
|
||||
|
* go to ... |
||||
|
|
||||
|
.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas |
||||
|
:alt: Try me on Runbot |
||||
|
:target: https://runbot.odoo-community.org/runbot/149/8.0 |
||||
|
|
||||
|
For further information, please visit: |
||||
|
|
||||
|
* https://www.odoo.com/forum/help-1 |
||||
|
|
||||
|
Bug Tracker |
||||
|
=========== |
||||
|
|
||||
|
Bugs are tracked on `GitHub Issues <https://github.com/OCA/web/issues>`_. |
||||
|
In case of trouble, please check there if your issue has already been reported. |
||||
|
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback |
||||
|
`here <https://github.com/OCA/web/issues/new?body=module:%20auth_brute_force%0Aversion:%208.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
||||
|
|
||||
|
Credits |
||||
|
======= |
||||
|
|
||||
|
Contributors |
||||
|
------------ |
||||
|
|
||||
|
* Sylvain LE GAL (https://twitter.com/legalsylvain) |
||||
|
|
||||
|
Maintainer |
||||
|
---------- |
||||
|
|
||||
|
.. image:: http://odoo-community.org/logo.png |
||||
|
:alt: Odoo Community Association |
||||
|
:target: http://odoo-community.org |
||||
|
|
||||
|
This module is maintained by the OCA. |
||||
|
|
||||
|
OCA, or the Odoo Community Association, is a nonprofit organization whose |
||||
|
mission is to support the collaborative development of Odoo features and |
||||
|
promote its widespread use. |
||||
|
|
||||
|
To contribute to this module, please visit http://odoo-community.org. |
@ -0,0 +1,3 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
from . import models |
||||
|
from . import controllers |
@ -0,0 +1,42 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# Tracks Authentication Attempts and Prevents Brute-force Attacks module |
||||
|
# Copyright (C) 2015-Today GRAP (http://www.grap.coop) |
||||
|
# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
|
||||
|
{ |
||||
|
'name': 'Authentification - Brute-force Attack', |
||||
|
'version': '8.0.1.0.0', |
||||
|
'category': 'base', |
||||
|
'summary': "Tracks Authentication Attempts and Prevents Brute-force" |
||||
|
" Attacks module", |
||||
|
'author': "GRAP,Odoo Community Association (OCA)", |
||||
|
'website': 'http://www.grap.coop', |
||||
|
'license': 'AGPL-3', |
||||
|
'depends': [ |
||||
|
'web', |
||||
|
], |
||||
|
'data': [ |
||||
|
'security/ir_model_access.yml', |
||||
|
'data/ir_config_parameter.xml', |
||||
|
'views/view.xml', |
||||
|
'views/action.xml', |
||||
|
'views/menu.xml', |
||||
|
], |
||||
|
} |
@ -0,0 +1,2 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
from . import controllers |
@ -0,0 +1,104 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# Tracks Authentication Attempts and Prevents Brute-force Attacks module |
||||
|
# Copyright (C) 2015-Today GRAP (http://www.grap.coop) |
||||
|
# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
|
||||
|
import logging |
||||
|
|
||||
|
from openerp import fields, http, registry, SUPERUSER_ID |
||||
|
from openerp.http import request |
||||
|
from openerp.addons.web.controllers.main import Home, ensure_db |
||||
|
|
||||
|
_logger = logging.getLogger(__name__) |
||||
|
|
||||
|
|
||||
|
class LoginController(Home): |
||||
|
@http.route() |
||||
|
def web_login(self, redirect=None, **kw): |
||||
|
if request.httprequest.method == 'POST': |
||||
|
ensure_db() |
||||
|
remote = request.httprequest.remote_addr |
||||
|
# Get registry and cursor |
||||
|
config_obj = registry(request.session.db)['ir.config_parameter'] |
||||
|
attempt_obj = registry( |
||||
|
request.session.db)['res.authentication.attempt'] |
||||
|
banned_remote_obj = registry( |
||||
|
request.session.db)['res.banned.remote'] |
||||
|
cursor = attempt_obj.pool.cursor() |
||||
|
|
||||
|
# Get Settings |
||||
|
max_attempts_qty = int(config_obj.search_read( |
||||
|
cursor, SUPERUSER_ID, |
||||
|
[('key', '=', 'auth_brute_force.max_attempt_qty')], |
||||
|
['value'])[0]['value']) |
||||
|
|
||||
|
# Test if remote user is banned |
||||
|
banned = banned_remote_obj.search(cursor, SUPERUSER_ID, [ |
||||
|
('remote', '=', remote)]) |
||||
|
if banned: |
||||
|
_logger.warning( |
||||
|
"Authentication tried from remote '%s'. The request has" |
||||
|
" been ignored because the remote has been banned after" |
||||
|
" %d attempts without success. Login tried : '%s'." % ( |
||||
|
remote, max_attempts_qty, request.params['login'])) |
||||
|
request.params['password'] = '' |
||||
|
|
||||
|
else: |
||||
|
# Try to authenticate |
||||
|
result = request.session.authenticate( |
||||
|
request.session.db, request.params['login'], |
||||
|
request.params['password']) |
||||
|
|
||||
|
# Log attempt |
||||
|
cursor.commit() |
||||
|
attempt_obj.create(cursor, SUPERUSER_ID, { |
||||
|
'attempt_date': fields.Datetime.now(), |
||||
|
'login': request.params['login'], |
||||
|
'remote': remote, |
||||
|
'result': banned and 'banned' or ( |
||||
|
result and 'successfull' or 'failed'), |
||||
|
}) |
||||
|
cursor.commit() |
||||
|
if not banned and not result: |
||||
|
# Get last bad attempts quantity |
||||
|
attempts_qty = len(attempt_obj.search_last_failed( |
||||
|
cursor, SUPERUSER_ID, remote)) |
||||
|
|
||||
|
if max_attempts_qty <= attempts_qty: |
||||
|
# We ban the remote |
||||
|
_logger.warning( |
||||
|
"Authentication failed from remote '%s'. " |
||||
|
"The remote has been banned. Login tried : '%s'." % ( |
||||
|
remote, request.params['login'])) |
||||
|
banned_remote_obj.create(cursor, SUPERUSER_ID, { |
||||
|
'remote': remote, |
||||
|
'ban_date': fields.Datetime.now(), |
||||
|
}) |
||||
|
cursor.commit() |
||||
|
|
||||
|
else: |
||||
|
_logger.warning( |
||||
|
"Authentication failed from remote '%s'." |
||||
|
" Login tried : '%s'. Attempt %d / %d." % ( |
||||
|
remote, request.params['login'], attempts_qty, |
||||
|
max_attempts_qty)) |
||||
|
cursor.close() |
||||
|
|
||||
|
return super(LoginController, self).web_login(redirect=redirect, **kw) |
@ -0,0 +1,29 @@ |
|||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<!--Tracks Authentication Attempts and Prevents Brute-force Attacks module --> |
||||
|
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) --> |
||||
|
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) --> |
||||
|
|
||||
|
<!--This program is free software: you can redistribute it and/or modify --> |
||||
|
<!--it under the terms of the GNU Affero General Public License as --> |
||||
|
<!--published by the Free Software Foundation, either version 3 of the --> |
||||
|
<!--License, or (at your option) any later version. --> |
||||
|
|
||||
|
<!--This program is distributed in the hope that it will be useful, --> |
||||
|
<!--but WITHOUT ANY WARRANTY; without even the implied warranty of --> |
||||
|
<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> |
||||
|
<!--GNU Affero General Public License for more details. --> |
||||
|
|
||||
|
<!--You should have received a copy of the GNU Affero General Public License--> |
||||
|
<!--along with this program. If not, see <http://www.gnu.org/licenses/>. --> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<openerp> |
||||
|
<data noupdate="1"> |
||||
|
|
||||
|
<record id="max_attempt_qty" model="ir.config_parameter"> |
||||
|
<field name="key">auth_brute_force.max_attempt_qty</field> |
||||
|
<field name="value">10</field> |
||||
|
</record> |
||||
|
|
||||
|
</data> |
||||
|
</openerp> |
@ -0,0 +1,150 @@ |
|||||
|
# Translation of Odoo Server. |
||||
|
# This file contains the translation of the following modules: |
||||
|
# * auth_brute_force |
||||
|
# |
||||
|
msgid "" |
||||
|
msgstr "" |
||||
|
"Project-Id-Version: Odoo Server 8.0\n" |
||||
|
"Report-Msgid-Bugs-To: \n" |
||||
|
"POT-Creation-Date: 2015-09-26 00:39+0000\n" |
||||
|
"PO-Revision-Date: 2015-09-26 00:39+0000\n" |
||||
|
"Last-Translator: <>\n" |
||||
|
"Language-Team: \n" |
||||
|
"MIME-Version: 1.0\n" |
||||
|
"Content-Type: text/plain; charset=UTF-8\n" |
||||
|
"Content-Transfer-Encoding: \n" |
||||
|
"Plural-Forms: \n" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_banned_remote.py:75 |
||||
|
#, python-format |
||||
|
msgid "%s %s - %s %s (ISP: %s)" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,active:0 |
||||
|
msgid "Active" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,attempt_date:0 |
||||
|
msgid "Attempt Date" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: model:ir.actions.act_window,name:auth_brute_force.action_res_authentication_attempt |
||||
|
#: model:ir.ui.menu,name:auth_brute_force.menu_res_authentication_attempt |
||||
|
msgid "Authentication Attempts" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,result:0 |
||||
|
msgid "Authentication Result" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,ban_date:0 |
||||
|
msgid "Ban Date" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_authentication_attempt.py:34 |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
#: selection:res.authentication.attempt,result:0 |
||||
|
#, python-format |
||||
|
msgid "Banned" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: model:ir.actions.act_window,name:auth_brute_force.action_res_banned_remote |
||||
|
#: model:ir.ui.menu,name:auth_brute_force.menu_res_banned_remote |
||||
|
msgid "Banned Remotes" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,create_uid:0 |
||||
|
#: field:res.banned.remote,create_uid:0 |
||||
|
msgid "Created by" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,create_date:0 |
||||
|
#: field:res.banned.remote,create_date:0 |
||||
|
msgid "Created on" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_authentication_attempt.py:33 |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
#: selection:res.authentication.attempt,result:0 |
||||
|
#, python-format |
||||
|
msgid "Failed" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,id:0 |
||||
|
#: field:res.banned.remote,id:0 |
||||
|
msgid "ID" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,write_uid:0 |
||||
|
#: field:res.banned.remote,write_uid:0 |
||||
|
msgid "Last Updated by" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,write_date:0 |
||||
|
#: field:res.banned.remote,write_date:0 |
||||
|
msgid "Last Updated on" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,name:0 |
||||
|
msgid "Name" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,description:0 |
||||
|
msgid "Remote Description" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,remote:0 |
||||
|
#: field:res.banned.remote,remote:0 |
||||
|
msgid "Remote ID" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
msgid "Successful" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_authentication_attempt.py:32 |
||||
|
#: selection:res.authentication.attempt,result:0 |
||||
|
#, python-format |
||||
|
msgid "Successfull" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,login:0 |
||||
|
msgid "Tried Login" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: help:res.banned.remote,active:0 |
||||
|
msgid "Uncheck this box to unban the remote" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_banned_remote.py:77 |
||||
|
#, python-format |
||||
|
msgid "Unidentified Call from %s" |
||||
|
msgstr "" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
msgid "Without Success" |
||||
|
msgstr "" |
||||
|
|
@ -0,0 +1,120 @@ |
|||||
|
# Translation of Odoo Server. |
||||
|
# This file contains the translation of the following modules: |
||||
|
# * auth_brute_force |
||||
|
# |
||||
|
msgid "" |
||||
|
msgstr "" |
||||
|
"Project-Id-Version: Odoo Server 8.0\n" |
||||
|
"Report-Msgid-Bugs-To: \n" |
||||
|
"POT-Creation-Date: 2015-09-26 00:34+0000\n" |
||||
|
"PO-Revision-Date: 2015-09-26 00:34+0000\n" |
||||
|
"Last-Translator: <>\n" |
||||
|
"Language-Team: \n" |
||||
|
"MIME-Version: 1.0\n" |
||||
|
"Content-Type: text/plain; charset=UTF-8\n" |
||||
|
"Content-Transfer-Encoding: \n" |
||||
|
"Plural-Forms: \n" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_banned_remote.py:75 |
||||
|
#, python-format |
||||
|
msgid "%s %s - %s %s (ISP: %s)" |
||||
|
msgstr "%s %s - %s %s (FAI : %s)" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,active:0 |
||||
|
msgid "Active" |
||||
|
msgstr "Active" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,attempt_date:0 |
||||
|
msgid "Attempt Date" |
||||
|
msgstr "Date de la tentative" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: model:ir.actions.act_window,name:auth_brute_force.action_res_authentication_attempt |
||||
|
#: model:ir.ui.menu,name:auth_brute_force.menu_res_authentication_attempt |
||||
|
msgid "Authentication Attempts" |
||||
|
msgstr "Tentative d'authentification" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,result:0 |
||||
|
msgid "Authentication Result" |
||||
|
msgstr "Résultat de l'authentification" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,ban_date:0 |
||||
|
msgid "Ban Date" |
||||
|
msgstr "Ban Date" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_authentication_attempt.py:34 |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
#: selection:res.authentication.attempt,result:0 |
||||
|
#, python-format |
||||
|
msgid "Banned" |
||||
|
msgstr "Banni" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: model:ir.actions.act_window,name:auth_brute_force.action_res_banned_remote |
||||
|
#: model:ir.ui.menu,name:auth_brute_force.menu_res_banned_remote |
||||
|
msgid "Banned Remotes" |
||||
|
msgstr "Clients distants bannis" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_authentication_attempt.py:33 |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
#: selection:res.authentication.attempt,result:0 |
||||
|
#, python-format |
||||
|
msgid "Failed" |
||||
|
msgstr "Echoué" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,name:0 |
||||
|
msgid "Name" |
||||
|
msgstr "Nom" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.banned.remote,description:0 |
||||
|
msgid "Description" |
||||
|
msgstr "Description" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,remote:0 |
||||
|
#: field:res.banned.remote,remote:0 |
||||
|
msgid "Remote ID" |
||||
|
msgstr "ID du client Distant" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
msgid "Successful" |
||||
|
msgstr "Réussie" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_authentication_attempt.py:32 |
||||
|
#: selection:res.authentication.attempt,result:0 |
||||
|
#, python-format |
||||
|
msgid "Successfull" |
||||
|
msgstr "Réussie" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: field:res.authentication.attempt,login:0 |
||||
|
msgid "Tried Login" |
||||
|
msgstr "Idenfiant essayé" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: help:res.banned.remote,active:0 |
||||
|
msgid "Uncheck this box to unban the remote" |
||||
|
msgstr "Décochez cette case afin d'annuler l'exclusion du client distant" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: code:addons/auth_brute_force/models/res_banned_remote.py:77 |
||||
|
#, python-format |
||||
|
msgid "Unidentified Call from %s" |
||||
|
msgstr "Appel non identifié depuis %s" |
||||
|
|
||||
|
#. module: auth_brute_force |
||||
|
#: view:res.authentication.attempt:auth_brute_force.view_res_authentication_attempt_search |
||||
|
msgid "Without Success" |
||||
|
msgstr "Sans succès" |
||||
|
|
@ -0,0 +1,3 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
from . import res_banned_remote |
||||
|
from . import res_authentication_attempt |
@ -0,0 +1,58 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# Tracks Authentication Attempts and Prevents Brute-force Attacks module |
||||
|
# Copyright (C) 2015-Today GRAP (http://www.grap.coop) |
||||
|
# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
|
||||
|
from openerp import models, fields, api |
||||
|
from openerp.tools.translate import _ |
||||
|
|
||||
|
|
||||
|
class ResAuthenticationAttempt(models.Model): |
||||
|
_name = 'res.authentication.attempt' |
||||
|
_order = 'attempt_date desc' |
||||
|
|
||||
|
_ATTEMPT_RESULT = [ |
||||
|
('successfull', _('Successfull')), |
||||
|
('failed', _('Failed')), |
||||
|
('banned', _('Banned')), |
||||
|
] |
||||
|
|
||||
|
# Column Section |
||||
|
attempt_date = fields.Datetime(string='Attempt Date') |
||||
|
|
||||
|
login = fields.Char(string='Tried Login') |
||||
|
|
||||
|
remote = fields.Char(string='Remote ID') |
||||
|
|
||||
|
result = fields.Selection( |
||||
|
selection=_ATTEMPT_RESULT, string='Authentication Result') |
||||
|
|
||||
|
# Custom Section |
||||
|
@api.model |
||||
|
def search_last_failed(self, remote): |
||||
|
last_ok = self.search( |
||||
|
[('result', '=', 'successfull'), ('remote', '=', remote)], |
||||
|
order='attempt_date desc', limit=1) |
||||
|
if last_ok: |
||||
|
return self.search([ |
||||
|
('remote', '=', remote), |
||||
|
('attempt_date', '>', last_ok.attempt_date)]) |
||||
|
else: |
||||
|
return self.search([('remote', '=', remote)]) |
@ -0,0 +1,71 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# Tracks Authentication Attempts and Prevents Brute-force Attacks module |
||||
|
# Copyright (C) 2015-Today GRAP (http://www.grap.coop) |
||||
|
# @author Sylvain LE GAL (https://twitter.com/legalsylvain) |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
|
||||
|
import urllib |
||||
|
import json |
||||
|
|
||||
|
from openerp import models, fields, api |
||||
|
|
||||
|
|
||||
|
class ResBannedRemote(models.Model): |
||||
|
_name = 'res.banned.remote' |
||||
|
_rec_name = 'remote' |
||||
|
|
||||
|
_GEOLOCALISATION_URL = "http://ip-api.com/json/{}" |
||||
|
|
||||
|
# Default Section |
||||
|
def _default_ban_date(self): |
||||
|
return fields.Datetime.now() |
||||
|
|
||||
|
# Column Section |
||||
|
description = fields.Text( |
||||
|
string='Description', compute='_compute_description', store=True) |
||||
|
|
||||
|
ban_date = fields.Datetime( |
||||
|
string='Ban Date', required=True, default=_default_ban_date) |
||||
|
|
||||
|
remote = fields.Char(string='Remote ID', required=True) |
||||
|
|
||||
|
active = fields.Boolean( |
||||
|
string='Active', help="Uncheck this box to unban the remote", |
||||
|
default=True) |
||||
|
|
||||
|
attempt_ids = fields.Many2many( |
||||
|
comodel_name='res.authentication.attempt', string='Attempts', |
||||
|
compute='_compute_attempt_ids') |
||||
|
|
||||
|
# Compute Section |
||||
|
@api.multi |
||||
|
@api.depends('remote') |
||||
|
def _compute_description(self): |
||||
|
for item in self: |
||||
|
url = self._GEOLOCALISATION_URL.format(item.remote) |
||||
|
res = json.loads(urllib.urlopen(url).read()) |
||||
|
item.description = '' |
||||
|
for k, v in res.iteritems(): |
||||
|
item.description += '%s : %s\n' % (k, v) |
||||
|
|
||||
|
@api.multi |
||||
|
def _compute_attempt_ids(self): |
||||
|
for item in self: |
||||
|
attempt_obj = self.env['res.authentication.attempt'] |
||||
|
item.attempt_ids = attempt_obj.search_last_failed(item.remote).ids |
@ -0,0 +1,28 @@ |
|||||
|
# -*- encoding: utf-8 -*- |
||||
|
- !record {model: ir.model.access, id: access_res_authentication_attempt_all}: |
||||
|
model_id: model_res_authentication_attempt |
||||
|
name: Authentication Attempt All Users |
||||
|
perm_read: true |
||||
|
|
||||
|
- !record {model: ir.model.access, id: access_res_banned_remote_all}: |
||||
|
model_id: model_res_banned_remote |
||||
|
name: Banned Remote All Users |
||||
|
perm_read: true |
||||
|
|
||||
|
- !record {model: ir.model.access, id: access_res_authentication_attempt_manager}: |
||||
|
group_id: base.group_system |
||||
|
model_id: model_res_authentication_attempt |
||||
|
name: Authentication Attempt Manager |
||||
|
perm_create: true |
||||
|
perm_read: true |
||||
|
perm_write: true |
||||
|
perm_unlink: true |
||||
|
|
||||
|
- !record {model: ir.model.access, id: access_res_banned_remote_manager}: |
||||
|
group_id: base.group_system |
||||
|
model_id: model_res_banned_remote |
||||
|
name: Banned Remote Manager |
||||
|
perm_create: true |
||||
|
perm_read: true |
||||
|
perm_write: true |
||||
|
perm_unlink: true |
After Width: 128 | Height: 128 | Size: 9.2 KiB |
After Width: 915 | Height: 262 | Size: 29 KiB |
After Width: 601 | Height: 331 | Size: 31 KiB |
@ -0,0 +1,39 @@ |
|||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<!--Tracks Authentication Attempts and Prevents Brute-force Attacks module --> |
||||
|
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) --> |
||||
|
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) --> |
||||
|
|
||||
|
<!--This program is free software: you can redistribute it and/or modify --> |
||||
|
<!--it under the terms of the GNU Affero General Public License as --> |
||||
|
<!--published by the Free Software Foundation, either version 3 of the --> |
||||
|
<!--License, or (at your option) any later version. --> |
||||
|
|
||||
|
<!--This program is distributed in the hope that it will be useful, --> |
||||
|
<!--but WITHOUT ANY WARRANTY; without even the implied warranty of --> |
||||
|
<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> |
||||
|
<!--GNU Affero General Public License for more details. --> |
||||
|
|
||||
|
<!--You should have received a copy of the GNU Affero General Public License--> |
||||
|
<!--along with this program. If not, see <http://www.gnu.org/licenses/>. --> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<openerp> |
||||
|
<data> |
||||
|
|
||||
|
<record id="action_res_authentication_attempt" model="ir.actions.act_window"> |
||||
|
<field name="name">Authentication Attempts</field> |
||||
|
<field name="res_model">res.authentication.attempt</field> |
||||
|
<field name="view_type">form</field> |
||||
|
<field name="view_mode">tree,graph</field> |
||||
|
<field name="context">{"search_default_filter_no_success":1}</field> |
||||
|
</record> |
||||
|
|
||||
|
<record id="action_res_banned_remote" model="ir.actions.act_window"> |
||||
|
<field name="name">Banned Remotes</field> |
||||
|
<field name="res_model">res.banned.remote</field> |
||||
|
<field name="view_type">form</field> |
||||
|
<field name="view_mode">tree,form</field> |
||||
|
</record> |
||||
|
|
||||
|
</data> |
||||
|
</openerp> |
@ -0,0 +1,32 @@ |
|||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<!--Tracks Authentication Attempts and Prevents Brute-force Attacks module --> |
||||
|
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) --> |
||||
|
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) --> |
||||
|
|
||||
|
<!--This program is free software: you can redistribute it and/or modify --> |
||||
|
<!--it under the terms of the GNU Affero General Public License as --> |
||||
|
<!--published by the Free Software Foundation, either version 3 of the --> |
||||
|
<!--License, or (at your option) any later version. --> |
||||
|
|
||||
|
<!--This program is distributed in the hope that it will be useful, --> |
||||
|
<!--but WITHOUT ANY WARRANTY; without even the implied warranty of --> |
||||
|
<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> |
||||
|
<!--GNU Affero General Public License for more details. --> |
||||
|
|
||||
|
<!--You should have received a copy of the GNU Affero General Public License--> |
||||
|
<!--along with this program. If not, see <http://www.gnu.org/licenses/>. --> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<openerp> |
||||
|
<data> |
||||
|
|
||||
|
<menuitem id="menu_res_authentication_attempt" |
||||
|
parent="base.menu_users" |
||||
|
action="action_res_authentication_attempt"/> |
||||
|
|
||||
|
<menuitem id="menu_res_banned_remote" |
||||
|
parent="base.menu_users" |
||||
|
action="action_res_banned_remote"/> |
||||
|
|
||||
|
</data> |
||||
|
</openerp> |
@ -0,0 +1,98 @@ |
|||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<!--Tracks Authentication Attempts and Prevents Brute-force Attacks module --> |
||||
|
<!--Copyright (C) 2015-Today GRAP (http://www.grap.coop) --> |
||||
|
<!--@author Sylvain LE GAL (https://twitter.com/legalsylvain) --> |
||||
|
|
||||
|
<!--This program is free software: you can redistribute it and/or modify --> |
||||
|
<!--it under the terms of the GNU Affero General Public License as --> |
||||
|
<!--published by the Free Software Foundation, either version 3 of the --> |
||||
|
<!--License, or (at your option) any later version. --> |
||||
|
|
||||
|
<!--This program is distributed in the hope that it will be useful, --> |
||||
|
<!--but WITHOUT ANY WARRANTY; without even the implied warranty of --> |
||||
|
<!--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> |
||||
|
<!--GNU Affero General Public License for more details. --> |
||||
|
|
||||
|
<!--You should have received a copy of the GNU Affero General Public License--> |
||||
|
<!--along with this program. If not, see <http://www.gnu.org/licenses/>. --> |
||||
|
<!-- ********************************************************************** --> |
||||
|
<openerp> |
||||
|
<data> |
||||
|
|
||||
|
<!-- Model: res.authentication.attempt --> |
||||
|
<record id="view_res_authentication_attempt_tree" model="ir.ui.view"> |
||||
|
<field name="model">res.authentication.attempt</field> |
||||
|
<field name="arch" type="xml"> |
||||
|
<tree colors="orange: result == 'failed';red: result == 'banned'"> |
||||
|
<field name="attempt_date" /> |
||||
|
<field name="remote" /> |
||||
|
<field name="login" /> |
||||
|
<field name="result" /> |
||||
|
</tree> |
||||
|
</field> |
||||
|
</record> |
||||
|
|
||||
|
<record id="view_res_authentication_attempt_graph" model="ir.ui.view"> |
||||
|
<field name="model">res.authentication.attempt</field> |
||||
|
<field name="arch" type="xml"> |
||||
|
<graph> |
||||
|
<field name="attempt_date" /> |
||||
|
<field name="result" /> |
||||
|
</graph> |
||||
|
</field> |
||||
|
</record> |
||||
|
|
||||
|
<record id="view_res_authentication_attempt_search" model="ir.ui.view"> |
||||
|
<field name="model">res.authentication.attempt</field> |
||||
|
<field name="arch" type="xml"> |
||||
|
<search> |
||||
|
<field name="login"/> |
||||
|
<filter name="filter_no_success" string="Without Success" domain="[('result','!=', 'successfull')]"/> |
||||
|
<filter name="filter_banned" string="Banned" domain="[('result','=', 'banned')]"/> |
||||
|
<filter name="filter_failed" string="Failed" domain="[('result','=', 'failed')]"/> |
||||
|
<filter name="filter_successful" string="Successful" domain="[('result','=', 'successfull')]"/> |
||||
|
</search> |
||||
|
</field> |
||||
|
</record> |
||||
|
|
||||
|
<!-- Model: res.banned.remote --> |
||||
|
<record id="view_res_banned_remote_tree" model="ir.ui.view"> |
||||
|
<field name="model">res.banned.remote</field> |
||||
|
<field name="arch" type="xml"> |
||||
|
<tree colors="gray: active==False"> |
||||
|
<field name="remote" /> |
||||
|
<field name="ban_date" /> |
||||
|
<field name="active" invisible="1" /> |
||||
|
</tree> |
||||
|
</field> |
||||
|
</record> |
||||
|
|
||||
|
<record id="view_res_banned_remote_form" model="ir.ui.view"> |
||||
|
<field name="model">res.banned.remote</field> |
||||
|
<field name="arch" type="xml"> |
||||
|
<form> |
||||
|
<sheet> |
||||
|
<group> |
||||
|
<field name="remote" /> |
||||
|
<field name="ban_date" /> |
||||
|
<field name="active" /> |
||||
|
<field name="description" /> |
||||
|
<field name="attempt_ids" /> |
||||
|
</group> |
||||
|
</sheet> |
||||
|
</form> |
||||
|
</field> |
||||
|
</record> |
||||
|
|
||||
|
<record id="view_res_banned_remote_search" model="ir.ui.view"> |
||||
|
<field name="model">res.banned.remote</field> |
||||
|
<field name="arch" type="xml"> |
||||
|
<search> |
||||
|
<field name="remote"/> |
||||
|
</search> |
||||
|
</field> |
||||
|
</record> |
||||
|
|
||||
|
</data> |
||||
|
</openerp> |
Write
Preview
Loading…
Cancel
Save
Reference in new issue