[Gemstracker-svn] SF.net SVN: gemstracker:[736] trunk/library/classes/Gems/User/User.php

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 736
          http://gemstracker.svn.sourceforge.net/gemstracker/?rev=736&view=rev
Author:   mennodekker
Date:     2012-06-05 08:33:42 +0000 (Tue, 05 Jun 2012)
Log Message:
-----------
Check for blocked logins first
Only increment failed logins when password failed (use case: project admin tried from not allowed ip blocks access from valid location)

Modified Paths:
--------------
    trunk/library/classes/Gems/User/User.php

Modified: trunk/library/classes/Gems/User/User.php
===================================================================

--- trunk/library/classes/Gems/User/User.php	2012-06-04 13:13:16 UTC (rev 735)
+++ trunk/library/classes/Gems/User/User.php	2012-06-05 08:33:42 UTC (rev 736)
@@ -238,7 +238,7 @@
      *
      * @param Zend_Auth_Result $result
      */
-    protected function afterAuthorization(Zend_Auth_Result $result)
+    protected function afterAuthorization(Zend_Auth_Result $result, $lastAuthorizer = null)
     {
         try {
             $select = $this->db->select();
@@ -256,7 +256,7 @@
                 $values['gula_failed_logins']   = 0;
                 $values['gula_last_failed']     = null;
                 $values['gula_block_until']     = null;
-                $values['since_last']           = $this->failureBlockCount + 1;
+                $values['since_last']           = $this->failureIgnoreTime + 1;
             }
 
             if ($result->isValid()) {
@@ -270,7 +270,8 @@
                 // Reset the counters when the last login was longer ago than the delay factor
                 if ($values['since_last'] > $this->failureIgnoreTime) {
                     $values['gula_failed_logins'] = 1;
-                } else {
+                } elseif ($lastAuthorizer === 'pwd') {
+                    // Only increment failed login when password failed
                     $values['gula_failed_logins'] += 1;
                 }
 
@@ -288,6 +289,7 @@
 
                 // Always record the last fail
                 $values['gula_last_failed']     = new Zend_Db_Expr('CURRENT_TIMESTAMP');
+                $values['gula_failed_logins']   = max(1, $values['gula_failed_logins']);
 
                 // Response gets slowly slower
                 $sleepTime = min($values['gula_failed_logins'] - 1, 10) * 2;
@@ -323,7 +325,8 @@
     {
         $auths = $this->loadAuthorizers($password);
 
-        foreach ($auths as $result) {
+        $lastAuthorizer = null;
+        foreach ($auths as $lastAuthorizer => $result) {
             if (is_callable($result)) {
                 $result = call_user_func($result);
             }
@@ -357,7 +360,7 @@
             }
         }
 
-        $this->afterAuthorization($result);
+        $this->afterAuthorization($result, $lastAuthorizer);
 
         // MUtil_Echo::track($result);
         $this->_authResult = $result;
@@ -1086,16 +1089,16 @@
      */
     protected function loadAuthorizers($password)
     {
+        if ($this->isBlockable()) {
+            $auths['block'] = array($this, 'authorizeBlock');
+        }
+        
         // organization ip restriction
         $auths['orgip'] = array($this, 'authorizeOrgIp');
 
         // group ip restriction
         $auths['ip'] = array($this, 'authorizeIp');
 
-        if ($this->isBlockable()) {
-            $auths['block'] = array($this, 'authorizeBlock');
-        }
-
         if ($this->isActive()) {
             $auths['pwd'] = $this->definition->getAuthAdapter($this, $password);
         } else {

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



