Add an option to disable the bruteForce test (and thus the Captcha)

cdujeu · cdujeu · commit 51c2fa58baed · 2015-01-26T16:48:28.000+01:00
diff --git a/core/src/core/classes/class.AuthService.php b/core/src/core/classes/class.AuthService.php
@@ -191,8 +191,8 @@ public static function checkBruteForceLogin(&$loginArray)
         } else $login = array("count"=>1, "time"=>time());
         $loginArray[$serverAddress] = $login;
         if ($login["count"] > 3) {
-            if (AJXP_SERVER_DEBUG) {
-                AJXP_Logger::debug("DEBUG : IGNORING BRUTE FORCE ATTEMPTS!");
+            if (AJXP_SERVER_DEBUG || ConfService::getCoreConf("DISABLE_BRUTE_FORCE_CHECK", "auth") === true) {
+                AJXP_Logger::debug("Warning: failed login 3 time for $login from address $serverAddress! Captcha is disabled.");
                 return true;
             }
             return FALSE;
diff --git a/core/src/plugins/core.auth/manifest.xml b/core/src/plugins/core.auth/manifest.xml
@@ -15,6 +15,7 @@
 		<global_param name="SECURE_LOGIN_FORM" group="CONF_MESSAGE[Login Form]"  type="boolean" label="CONF_MESSAGE[Secure Login Form]" description="CONF_MESSAGE[Raise the security of the login form by disabling autocompletion and remember me feature]" mandatory="true" default="false" expose="true"/>
 		<global_param name="ENABLE_FORGOT_PASSWORD" group="CONF_MESSAGE[Login Form]"  type="boolean" label="CONF_MESSAGE[Enable Forgot Password]" description="CONF_MESSAGE[Add a Forgot Password link at the bottom of the login form]" mandatory="true" default="false" expose="true"/>
 		<global_param name="FORGOT_PASSWORD_ACTION" group="CONF_MESSAGE[Login Form]"  type="string" label="CONF_MESSAGE[Forgot Password Action]" description="CONF_MESSAGE[Action to trigger when clicking on Forgot Password]" mandatory="true" default="reset-password-ask" expose="true"/>
+		<global_param name="DISABLE_BRUTE_FORCE_CHECK" group="CONF_MESSAGE[Login Form]"  type="boolean" label="CONF_MESSAGE[Disable Brute Force Check (Captcha)]" description="CONF_MESSAGE[Disable the check of failed login attempts, will disable the Captcha display]" default="false"/>
         <global_param type="plugin_instance:auth" name="MASTER_INSTANCE_CONFIG" group="CONF_MESSAGE[Main Instance]" label="CONF_MESSAGE[Instance Type]" description="CONF_MESSAGE[Choose the configuration plugin]" mandatory="true" default="auth.serial"/>
 
         <global_param group="CONF_MESSAGE[Secondary Instance (optional)]" name="MULTI_MODE" type="group_switch:multimode" label="CONF_MESSAGE[Mode]" description="CONF_MESSAGE[Master/slave will assume that the master is read-only, and the slave is a local alternative to allow sharing features. User Choice will allow the user to manually choose its authentification method at startup.]" mandatory="true" default="MASTER_SLAVE"/>
