Apply firewall security on BaseForm::validateForm
modified: core/lib/Thelia/Controller/BaseController.php modified: core/lib/Thelia/Form/AddressCreateForm.php new file: core/lib/Thelia/Form/FirewallForm.php modified: core/lib/Thelia/Model/FormFirewall.php modified: setup/insert.sql
This commit is contained in:
lovenunu
committed by
Benjamin Perche
Benjamin Perche
parent
b42ff568e0
commit
978f15357c
@@ -21,7 +21,7 @@ use Thelia\Core\Translation\Translator;
|
||||
* @package Thelia\Form
|
||||
* @author Manuel Raynaud <mraynaud@openstudio.fr>
|
||||
*/
|
||||
class AddressCreateForm extends BaseForm
|
||||
class AddressCreateForm extends FirewallForm
|
||||
{
|
||||
|
||||
/**
|
||||
|
||||
96
core/lib/Thelia/Form/FirewallForm.php
Normal file
96
core/lib/Thelia/Form/FirewallForm.php
Normal file
@@ -0,0 +1,96 @@
|
||||
<?php
|
||||
/*************************************************************************************/
|
||||
/* This file is part of the Thelia package. */
|
||||
/* */
|
||||
/* Copyright (c) OpenStudio */
|
||||
/* email : dev@thelia.net */
|
||||
/* web : http://www.thelia.net */
|
||||
/* */
|
||||
/* For the full copyright and license information, please view the LICENSE.txt */
|
||||
/* file that was distributed with this source code. */
|
||||
/*************************************************************************************/
|
||||
namespace Thelia\Form;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Thelia\Model\ConfigQuery;
|
||||
use Thelia\Model\FormFirewall;
|
||||
use Thelia\Model\FormFirewallQuery;
|
||||
|
||||
/**
|
||||
* Class FirewallForm
|
||||
* @package Thelia\Form
|
||||
* @author Benjamin Perche <bperche@openstudio.fr>
|
||||
*/
|
||||
abstract class FirewallForm extends BaseForm
|
||||
{
|
||||
/** @var \Thelia\Model\FormFirewall */
|
||||
protected static $cachedInstance;
|
||||
|
||||
public function __construct(Request $request, $type = "form", $data = array(), $options = array())
|
||||
{
|
||||
parent::__construct($request, $type, $data, $options);
|
||||
|
||||
static::$cachedInstance = FormFirewallQuery::create()
|
||||
->filterByFormName($this->getName())
|
||||
->filterByIpAddress($this->request->getClientIp())
|
||||
->findOne()
|
||||
;
|
||||
}
|
||||
|
||||
public function isFirewallOk()
|
||||
{
|
||||
if (null !== $firewallRow = &static::$cachedInstance) {
|
||||
/** @var \DateTime $lastRequestDateTime */
|
||||
$lastRequestDateTime = $firewallRow->getUpdatedAt();
|
||||
|
||||
$lastRequestTimestamp = $lastRequestDateTime->getTimestamp();
|
||||
|
||||
/**
|
||||
* Get the last request execution time in hour.
|
||||
*/
|
||||
$lastRequest = (time() - $lastRequestTimestamp) / 3600;
|
||||
|
||||
if ($lastRequest > $this->getConfigTime()) {
|
||||
$firewallRow->resetAttempts();
|
||||
}
|
||||
|
||||
if ($firewallRow->getAttempts() <= $this->getConfigAttempts()) {
|
||||
$firewallRow->incrementAttempts();
|
||||
} else {
|
||||
/** Set updated_at at NOW() */
|
||||
$firewallRow->save();
|
||||
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
$firewallRow = (new FormFirewall())
|
||||
->setIpAddress($this->request->getClientIp())
|
||||
->setFormName($this->getName())
|
||||
;
|
||||
$firewallRow->save();
|
||||
|
||||
static::$cachedInstance = $firewallRow;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return int
|
||||
*
|
||||
* The time (in hours) to wait if the attempts have been exceeded
|
||||
*/
|
||||
public function getConfigTime()
|
||||
{
|
||||
return ConfigQuery::read("form_firewall_time_to_wait", 1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return int
|
||||
*
|
||||
* The number of allowed attempts
|
||||
*/
|
||||
public function getConfigAttempts()
|
||||
{
|
||||
return ConfigQuery::read("form_firewall_attempts", 2);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user