forked from zammad/zammad
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth.rb
58 lines (45 loc) · 1.4 KB
/
auth.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
class Auth
attr_reader :user, :password, :auth_user
delegate :user, to: :auth_user
attr_accessor :increase_login_failed_attempts
BRUTE_FORCE_SLEEP = 1.second
# Initializes a Auth object for the given user.
#
# @param username [String] the user name for the user object which needs an authentication.
#
# @example
# auth = Auth.new('[email protected]', 'some+password')
def initialize(username, password)
@auth_user = username.present? ? Auth::User.new(username) : nil
@password = password
@increase_login_failed_attempts = false
end
# Validates the given credentials for the user to the configured auth backends which should
# be performed.
#
# @return [Boolean] true if the user was authenticated, otherwise false.
def valid?
# Wrap in a lock to synchronize concurrent requests.
validated = auth_user&.user&.with_lock do
next false if !auth_user.can_login?
next true if backends.valid?
auth_user.increase_login_failed if increase_login_failed_attempts
false
end
if validated
auth_user.update_last_login
return true
end
avoid_brute_force_attack
false
end
private
# Sleep for a second to avoid brute force attacks.
def avoid_brute_force_attack
sleep BRUTE_FORCE_SLEEP
end
def backends
Auth::Backend.new(self)
end
end