qBittorrent
authcontroller.cpp
1 /*
2  * Bittorrent Client using Qt and libtorrent.
3  * Copyright (C) 2018 Vladimir Golovnev <glassez@yandex.ru>
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18  *
19  * In addition, as a special exception, the copyright holders give permission to
20  * link this program with the OpenSSL project's "OpenSSL" library (or with
21  * modified versions of it that use the same license as the "OpenSSL" library),
22  * and distribute the linked executables. You must obey the GNU General Public
23  * License in all respects for all of the code used other than "OpenSSL". If you
24  * modify file(s), you may extend this exception to your version of the file(s),
25  * but you are not obligated to do so. If you do not wish to do so, delete this
26  * exception statement from your version.
27  */
28 
29 #include "authcontroller.h"
30 
31 #include <QString>
32 
33 #include "base/logger.h"
34 #include "base/preferences.h"
35 #include "base/utils/password.h"
36 #include "apierror.h"
37 #include "isessionmanager.h"
38 
// Body of the WebAPI login handler. The signature line (listing line 39) and listing
// lines 56, 71 and 78 are absent from this extracted page; each gap is marked below.
40 {
    // A request for which the session manager already reports a session is answered
    // "Ok." without any credential check.
41  if (sessionManager()->session())
42  {
43  setResult(QLatin1String("Ok."));
44  return;
45  }
46 
    // clientAddr keys the failed-login bookkeeping (m_clientFailedLogins).
    // Username and password are taken directly from the request parameters;
    // usernameFromWeb is later written to the log verbatim in both failure messages,
    // so anything that renders or parses that log should treat it as untrusted text.
47  const QString clientAddr {sessionManager()->clientId()};
48  const QString usernameFromWeb {params()["username"]};
49  const QString passwordFromWeb {params()["password"]};
50 
    // The ban check runs before any credential comparison.
51  if (isBanned())
52  {
53  LogMsg(tr("WebAPI login failure. Reason: IP has been banned, IP: %1, username: %2")
54  .arg(clientAddr, usernameFromWeb)
55  , Log::WARNING);
    // NOTE(review): listing line 56, the start of the statement that the next line
    // continues, is missing from this page. Presumably it raises an API error carrying
    // this message so that a banned client never reaches the verification below;
    // confirm against the full source.
57  , tr("Your IP address has been banned after too many failed authentication attempts."));
58  }
59 
60  const Preferences *pref = Preferences::instance();
61 
    // Both comparisons are evaluated into locals before they are combined, so the
    // password verification runs whether or not the username matched.
    // NOTE(review): slowEquals is presumably a constant-time comparison and `secret`
    // presumably a stored PBKDF2 value rather than the plain password; confirm in
    // base/utils/password.cpp.
62  const QString username {pref->getWebUiUsername()};
63  const QByteArray secret {pref->getWebUIPassword()};
64  const bool usernameEqual = Utils::Password::slowEquals(usernameFromWeb.toUtf8(), username.toUtf8());
65  const bool passwordEqual = Utils::Password::PBKDF2::verify(secret, passwordFromWeb);
66 
67  if (usernameEqual && passwordEqual)
68  {
    // A successful login discards this client's failed-attempt record.
69  m_clientFailedLogins.remove(clientAddr);
70 
    // NOTE(review): listing line 71 is missing here; presumably the session is
    // started at this point. Confirm against the full source.
72  setResult(QLatin1String("Ok."));
73  LogMsg(tr("WebAPI login success. IP: %1").arg(clientAddr));
74  }
75  else
76  {
    // NOTE(review): listing line 78, the statement this `if` guards, is missing from
    // this page (presumably the call that records the failed attempt). As printed,
    // the `if` appears to guard setResult(), which is an artifact of the missing line.
77  if (Preferences::instance()->getWebUIMaxAuthFailCount() > 0)
79  setResult(QLatin1String("Fails."));
    // The same "Fails." result and log entry are produced whether the username,
    // the password, or both were wrong.
80  LogMsg(tr("WebAPI login failure. Reason: invalid credentials, attempt count: %1, IP: %2, username: %3")
81  .arg(QString::number(failedAttemptsCount()), clientAddr, usernameFromWeb)
82  , Log::WARNING);
83  }
84 }
85 
// NOTE(review): the signature (listing line 86) and the body (listing line 88) are
// missing from this extracted page. Presumably this is the logout handler, which ends
// the current session; confirm against the full source.
87 {
89 }
90 
// Reports whether the requesting client is currently banned. The signature line
// (listing line 91) is absent from this extracted page.
92 {
    // No failed-login record for this client id means no ban.
93  const auto failedLoginIter = m_clientFailedLogins.find(sessionManager()->clientId());
94  if (failedLoginIter == m_clientFailedLogins.end())
95  return false;
96 
    // A non-negative remaining time is treated as "a ban period was started".
    // NOTE(review): banTimer's type is not shown here; this presumably relies on an
    // unset timer reporting a negative remaining time. Confirm.
97  bool isBanned = (failedLoginIter->banTimer.remainingTime() >= 0);
    // Once the ban period has run out, the whole record is erased, so the client's
    // failed-attempt count starts over as well.
98  if (isBanned && failedLoginIter->banTimer.hasExpired())
99  {
100  m_clientFailedLogins.erase(failedLoginIter);
101  isBanned = false;
102  }
103 
104  return isBanned;
105 }
106 
// Returns the failed-attempt count recorded for the requesting client. The signature
// line (listing line 107) is absent from this extracted page.
108 {
    // QHash::value() returns a default-constructed entry when the client has no
    // record, so this lookup never inserts into m_clientFailedLogins.
109  return m_clientFailedLogins.value(sessionManager()->clientId()).failedAttemptsCount;
110 }
111 
// Records one more failed login and starts the ban period when the limit is reached.
// The signature line (listing line 112) and listing lines 116 and 119 are absent from
// this extracted page.
113 {
    // Q_ASSERT is a debug-build check only (it has no effect when QT_NO_DEBUG is
    // defined), so it documents the precondition rather than enforcing it.
114  Q_ASSERT(Preferences::instance()->getWebUIMaxAuthFailCount() > 0);
115 
    // NOTE(review): listing line 116, which declares failedLogin, is missing here;
    // presumably a reference to the requesting client's entry in m_clientFailedLogins.
    // Confirm against the full source.
117  ++failedLogin.failedAttemptsCount;
118 
    // NOTE(review): listing line 119, the condition guarding this block, is missing;
    // going by the comment inside, it presumably compares the count with the
    // configured maximum.
120  {
121  // Max number of failed attempts reached
122  // Start ban period
123  failedLogin.banTimer.setRemainingTime(Preferences::instance()->getWebUIBanDuration());
124  }
125 }
const StringMap & params() const
ISessionManager * sessionManager() const
void setResult(const QString &result)
bool isBanned() const
int failedAttemptsCount() const
QHash< QString, FailedLogin > m_clientFailedLogins
void increaseFailedAttempts()
void logoutAction() const
static Preferences * instance()
int getWebUIMaxAuthFailCount() const
QByteArray getWebUIPassword() const
QString getWebUiUsername() const
void LogMsg(const QString &message, const Log::MsgType &type)
Definition: logger.cpp:125
@ WARNING
Definition: logger.h:47
bool verify(const QByteArray &secret, const QString &password)
Definition: password.cpp:95
bool slowEquals(const QByteArray &a, const QByteArray &b)
Definition: password.cpp:56
virtual QString clientId() const =0
virtual void sessionEnd()=0
virtual void sessionStart()=0