From 4a949dfbafb143af43408b38f5a798b017c57fa0 Mon Sep 17 00:00:00 2001 From: Luis Majano Date: Thu, 19 Oct 2023 17:50:33 +0200 Subject: [PATCH] CONTENTBOX-1488 #resolve latest logins should only be displayed if the tracker is enabled --- box.json | 2 +- modules/contentbox/config/Scheduler.cfc | 13 ++++++- .../models/comments/CommentService.cfc | 1 - .../models/security/LoginTracker.cfc | 8 ---- .../models/security/LoginTrackerService.cfc | 38 ++++++++++++------- .../views/dashboard/index.cfm | 5 ++- .../views/dashboard/indexHelper.cfm | 2 +- 7 files changed, 42 insertions(+), 27 deletions(-) diff --git a/box.json b/box.json index b337a02e6f..aaf813ed87 100644 --- a/box.json +++ b/box.json @@ -53,7 +53,7 @@ "dbseed:postgres":"task run contentbox/modules/seeders/SeedPostgreSQL.cfc", "format":"cfformat run config/**/*.cfc,modules_app/**/*.cfc,modules/contentbox/**/*.cfc,tests/**/*.cfc,Application.cfc --overwrite", "format:watch":"cfformat watch config/**/*.cfc,modules_app/**/*.cfc,modules/contentbox/**/*.cfc,tests/**/*.cfc,Application.cfc ./.cfformat.json", - "format:watch:core":"cfformat watch config/**/*.cfc,modules/contentbox/models/**/*.cfc,tests/**/*.cfc,Application.cfc ./.cfformat.json", + "format:watch:core":"cfformat watch config/**/*.cfc,modules/contentbox/models/**/*.cfc,Application.cfc ./.cfformat.json", "format:check":"cfformat check config/**/*.cfc,modules_app/**/*.cfc,modules/contentbox/**/*.cfc,tests/**/*.cfc,Application.cfc", "start:lucee":"server start serverConfigFile='server-lucee@5.json' --force", "start:2018":"server start serverConfigFile='server-adobe@2018.json' --force", diff --git a/modules/contentbox/config/Scheduler.cfc b/modules/contentbox/config/Scheduler.cfc index 7ed70d03bb..edb2c171db 100644 --- a/modules/contentbox/config/Scheduler.cfc +++ b/modules/contentbox/config/Scheduler.cfc 
@@ -23,9 +23,19 @@ component { * that you can use to register your tasks configurations. */ + // Rotates the login audit logs + task( "login-tracker-rotation" ) + .call( () => { + getInstance( "LoginTrackerService@contentbox" ).rotate(); + } ) + .everyHour() + .delay( 1, "hours" ) + .onOneServer(); + ; + // Deletes all moderated comments that have expired in the inbox task( "comment-expirations" ) - .call( function(){ + .call( () => { getInstance( "siteService@contentbox" ) .getAll() .each( function( thisSite ){ @@ -53,7 +63,6 @@ component { } ); } ) .everyHour() - // Don't start it immediately, wait an hour. Especially so tests can pass if enabled in tests. .delay( 1, "hours" ) .onOneServer(); } diff --git a/modules/contentbox/models/comments/CommentService.cfc b/modules/contentbox/models/comments/CommentService.cfc index 34c2fe7e9a..e8764fc26b 100755 --- a/modules/contentbox/models/comments/CommentService.cfc +++ b/modules/contentbox/models/comments/CommentService.cfc @@ -15,7 +15,6 @@ component extends="cborm.models.VirtualEntityService" singleton { property name="CBHelper" inject="id:CBHelper@contentbox"; property name="log" inject="logbox:logger:{this}"; property name="interceptorService" inject="coldbox:interceptorService"; - property name="loginTrackerService" inject="loginTrackerService@contentbox"; /** * Constructor diff --git a/modules/contentbox/models/security/LoginTracker.cfc b/modules/contentbox/models/security/LoginTracker.cfc index 5a86c0de1f..8ba2f8b93e 100644 --- a/modules/contentbox/models/security/LoginTracker.cfc +++ b/modules/contentbox/models/security/LoginTracker.cfc 
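Review bot: The new `login-tracker-rotation` task ends with a stray `;` on a line of its own after `.onOneServer();`, which compiles but reads as an unfinished edit; delete that line. The task comment should also say that the rotation is gated on the blocker setting, since the scheduler now fires every hour on one server regardless — `// Rotates the login audit logs; rotate() is a no-op when cb_security_login_blocker is off` reflects what the service does in this same commit. The task carries no visible failure handling, so if `rotate()` throws the hourly job presumably just logs and the audit trail stops being trimmed; whether the scheduler offers a failure hook cannot be told from this hunk, so treat that as something to confirm.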
@@ -22,14 +22,6 @@ component extends="coldbox.system.Interceptor" { return this; } - /** - * Listen to end of requests to do log rotation for auth logs for login events only. - */ - function postProcess( event, data ) async="true" eventPattern="security\.doLogin"{ - // Do log rotation - loginTrackerService.rotate(); - } - /** * Before login check if user has been blocked. It will verify login attempts * by username and IP address and block accordingly. diff --git a/modules/contentbox/models/security/LoginTrackerService.cfc b/modules/contentbox/models/security/LoginTrackerService.cfc index 2424c61a82..7f1953b494 100644 --- a/modules/contentbox/models/security/LoginTrackerService.cfc +++ b/modules/contentbox/models/security/LoginTrackerService.cfc @@ -25,8 +25,10 @@ component extends="cborm.models.VirtualEntityService" singleton { * Verify if an attempt is being blocked or not * * @attempt The login attempt object + * + * @return If the attempt was blocked or not */ - boolean function isblocked( LoginAttempt attempt ){ + boolean function isBlocked( LoginAttempt attempt ){ var max_attempts = variables.settingService.getSetting( "cb_security_max_attempts" ); var max_blockTime = variables.settingService.getSetting( "cb_security_blocktime" ); 
@@ -80,39 +82,49 @@ component extends="cborm.models.VirtualEntityService" singleton { return this; } - /* + /** * Rotate auth logs + * Usually called by the {@code LoginTracker} Interceptor asynchronously */ LoginTrackerService function rotate(){ + // if disabled, we do not track logins + if ( !settingService.getSetting( "cb_security_login_blocker" ) ) { + log.debug( "Rotation not enabled since the security login blocker is disabled" ); + return this; + } + var maxLogs = variables.settingService.getSetting( "cb_security_max_auth_logs" ); - var maxLogs = 4; + var maxLogs = 2; var totalLogs = count(); // only if we have a max logs and we have gone above max logs, let's truncate - if ( len( maxLogs ) && totalLogs > maxLogs ) { - var c = newCriteria(); - // Get IDs to delete - var aToDelete = c + if ( len( maxLogs ) && isNumeric( maxLogs ) && totalLogs > maxLogs ) { + var aToDelete = newCriteria() .withProjections( property = "loginAttemptsID" ) .list( max = ( totalLogs - maxLogs ), sortOrder = "createdDate ASC" ); var hql = " - DELETE - FROM cbLoginAttempt - WHERE loginAttemptsID in (:toDelete) + DELETE FROM cbLoginAttempt + WHERE id IN :idsToDelete "; - var params = { "toDelete" : aToDelete }; // run it - var results = executeQuery( query = hql, params = params, asQuery = false ); + var results = executeQuery( + query : hql, + params : { "idsToDelete" : aToDelete }, + asQuery: false + ); + // log it log.info( "Rotated auth logs", results ); + } else { + log.debug( "No auth logs to rotate" ); } return this; } - /* + /** * Reset login attempts if the time limit is reached */ LoginTrackerService function reset(){ diff --git a/modules/contentbox/modules/contentbox-admin/views/dashboard/index.cfm b/modules/contentbox/modules/contentbox-admin/views/dashboard/index.cfm index 322ccb23c5..763cfcfcf5 100755 --- a/modules/contentbox/modules/contentbox-admin/views/dashboard/index.cfm +++ b/modules/contentbox/modules/contentbox-admin/views/dashboard/index.cfm 
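Review bot: The new side of `rotate()` still overrides the configured limit with a hard-coded `var maxLogs = 2;` immediately after reading `cb_security_max_auth_logs`, so the setting is dead and only the two most recent login attempts survive each hourly rotation. That is a forensic problem on its own, and because `isBlocked()` earlier in this file decides from `cb_security_max_attempts` against stored attempts, trimming the history every hour could keep an attacker under the threshold — how attempts are counted is not visible here, so that part is a question rather than a finding. Remove the override and keep only `var maxLogs = variables.settingService.getSetting( "cb_security_max_auth_logs" );`. The doc comment also still says the method is usually called by the LoginTracker interceptor, but this commit deletes that `postProcess` hook and moves the call into the scheduler; change it to `* Usually called hourly by the "login-tracker-rotation" scheduled task`.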
@@ -169,7 +169,10 @@ - +

diff --git a/modules/contentbox/modules/contentbox-admin/views/dashboard/indexHelper.cfm b/modules/contentbox/modules/contentbox-admin/views/dashboard/indexHelper.cfm index e933efee45..be2fb03d5f 100755 --- a/modules/contentbox/modules/contentbox-admin/views/dashboard/indexHelper.cfm +++ b/modules/contentbox/modules/contentbox-admin/views/dashboard/indexHelper.cfm @@ -26,7 +26,7 @@ document.addEventListener( "DOMContentLoaded", () => { $( "##latestSnapshot" ).load( '#event.buildLink( prc.xehLatestSnapshot )#' ); - + // Load latest logsin $( "##latestLogins" ).load( '#event.buildLink( prc.xehLatestLogins )#' );