WIP: Protect against brute force (frequent) login attempts (#10031)
* db: add login attempt migrations * db: add possibility to create login attempts * db: add possibility to retrieve login attempt count per username * auth: validation and update of login attempts for invalid credentials If login attempt count for user authenticating is 5 or more the last 5 minutes we temporarily block the user access to login * db: add possibility to delete expired login attempts * cleanup: Delete login attempts older than 10 minutes The cleanup job are running continuously and triggering each 10 minute * fix typo: rename consequent to consequent * auth: enable login attempt validation for ldap logins * auth: disable login attempts validation by configuration Setting is named DisableLoginAttemptsValidation and is false by default Config disable_login_attempts_validation is placed under security section #7616 * auth: don't run cleanup of login attempts if feature is disabled #7616 * auth: rename settings.go to ldap_settings.go * auth: refactor AuthenticateUser Extract grafana login, ldap login and login attemp validation together with their tests to separate files. Enables testing of many more aspects when authenticating a user. #7616 * auth: rename login attempt validation to brute force login protection Setting DisableLoginAttemptsValidation => DisableBruteForceLoginProtection Configuration disable_login_attempts_validation => disable_brute_force_login_protection #7616
Showing
pkg/login/auth_test.go
0 → 100644
pkg/login/brute_force_login_protection.go
0 → 100644
pkg/login/grafana_login.go
0 → 100644
pkg/login/grafana_login_test.go
0 → 100644
pkg/login/ldap_login.go
0 → 100644
pkg/login/ldap_login_test.go
0 → 100644
pkg/models/login_attempt.go
0 → 100644
pkg/services/sqlstore/login_attempt.go
0 → 100644
pkg/services/sqlstore/login_attempt_test.go
0 → 100644
Please
register
or
sign in
to comment