src/Services/Security/IpTools.php line 25

Open in your IDE?
  1. <?php
  2. //----------------------------------------------------------------------
  3. // src/Services/Security/IpTools.php
  4. //----------------------------------------------------------------------
  5. namespace App\Services\Security;
  7. use Doctrine\Persistence\ManagerRegistry;
  8. use Symfony\Component\HttpFoundation\RequestStack;
  10. use App\Entity\Security\IpAttempt;
  11. use App\Entity\Security\IpBan;
  12. use App\Entity\Security\Whitelist;
  13. use App\Services\LogTools;
  15. class IpTools
  16. {
  17.     const MAX_LOGIN_FAILURE_ATTEMPTS 25;
  18.     const ATTEMPTS_INTERVAL_SECONDS 60 10;
  19.     const BAN_TIME_SECONDS 60 10;
  21.     public function __construct(ManagerRegistry $doctrineRequestStack $requestStackLogTools $logTools)
  22.     {
  23.         $this->em $doctrine->getManager();
  24.         $this->requestStack $requestStack;
  25.         $this->logTools $logTools;
  26.     }
  28.     public function fail2ban($args)
  29.     {
  30.         $request $this->requestStack->getCurrentRequest();
  31.         if ($request === null)
  32.         {
  33.             return false;
  34.         }
  36.         if (empty($request->getClientIp()))
  37.         {
  38.             return false;
  39.         }
  41.         // Plan.io Task #3696 : Whitelisting
  42.         // Get the client IP from the Request Stack
  43.         $whitelistIps $this->em->getRepository(Whitelist::class)
  44.             ->getForIp($request->getClientIp());
  45.         if (count($whitelistIps))
  46.         {
  47.             // IP is whitelisted
  48.             // $this->logTools->ploopLog("[IpTools][fail2ban] IP ".$request->getClientIp()." is whitelisted");
  49.             return true;
  50.         }
  52.         // Various initialisations
  53.         $username null;
  54.         if (array_key_exists('username'$args))
  55.         {
  56.             $username $args['username'];
  57.         }
  59.         $errors = array();
  61.         // FormErrors
  62.         if (array_key_exists('form_errors'$args))
  63.         {
  64.             foreach ($args['form_errors'] as $key => $error)
  65.             {
  66.                 if ($error->getCause() !== null)
  67.                 {
  68.                     $errors[] = $error->getCause()->getMessageTemplate();
  69.                 }
  70.                 else
  71.                 {
  72.                     $errors[] = $error->getMessage();
  73.                 }
  74.             }
  75.         }
  76.         // Errors, in general
  77.         if (array_key_exists('error'$args))
  78.         {
  79.             $errors[] = $args['error'];
  80.         }
  82.         // Make only one error field
  83.         $errorDisplay null;
  84.         if (count($errors) == 1)
  85.         {
  86.             $errorDisplay $errors[0];
  87.         }
  88.         else
  89.         {
  90.             if (count($errors) > 1)
  91.             {
  92.                 $errorDisplay "";
  93.                 foreach ($errors as $error)
  94.                 {
  95.                     $errorDisplay .= $error;
  96.                     $errorDisplay .= ", ";
  97.                 }
  98.                 $errorDisplay substr($errorDisplay,0,-1);
  99.                 $errorDisplay substr($errorDisplay,0,-1);
  100.             }
  101.         }
  103.         // Get the client IP from the Request Stack
  104.         $ip $request->getClientIp();
  106.         // Get the lastest (according to MAX_LOGIN_FAILURE_ATTEMPTS) attempts
  107.         $ipAttempts $this->em
  108.             ->getRepository(IpAttempt::class)
  109.             ->getLatest($ipself::MAX_LOGIN_FAILURE_ATTEMPTS);
  111.         $ipAttempts array_reverse($ipAttempts);
  113.         // Count them
  114.         $attempts count($ipAttempts);
  116.         // If we have less than the maximum allowed, do nothing
  117.         if ($attempts >= self::MAX_LOGIN_FAILURE_ATTEMPTS)
  118.         {
  119.             // Get oldest entry
  120.             $oldest $ipAttempts[0]->getCreationDate();
  121.             if ($oldest !== null)
  122.             {
  123.                 // Compare it to the present
  124.                 $now = new \DateTime();
  126.                 // Get diff btw old/now in seconds
  127.                 $diff $now->getTimestamp() - $oldest->getTimestamp();
  129.                 // If too recent, ban the ip
  130.                 if ($diff self::ATTEMPTS_INTERVAL_SECONDS)
  131.                 {
  132.                     $ipBan = new IpBan();
  133.                     $ipBan->setIp($ip);
  134.                     $ipBan->setEndDate($now->add(new \DateInterval('PT'.self::BAN_TIME_SECONDS.'S')));
  136.                     $this->em->persist($ipBan);
  137.                 }
  138.             }
  139.         }
  141.         // In all cases log new attempt
  142.         $attempt = new IpAttempt();
  143.         $attempt->setIp($ip);
  144.         $attempt->setUsername($username);
  145.         $attempt->setError($errorDisplay);
  146.         $attempt->setUri($request->getUri());
  148.         $this->em->persist($attempt);
  150.         try
  151.         {
  152.             $this->em->flush();
  153.         }
  154.         catch (\Exception $e)
  155.         {
  156.             // Something went bad
  157.             $this->logTools->errorLog($e->getMessage());
  159.             return false;
  160.         }
  161.         return true;
  162.     }
  164.     public function isBanned($ip)
  165.     {
  166.         $ipBan $this->em
  167.             ->getRepository(IpBan::class)
  168.             ->findOneBy(
  169.                 array('ip'    =>    $ip),
  170.                 array('endDate'    =>    'DESC',)
  171.             );
  173.         if ($ipBan === null)
  174.         {
  175.             return false;
  176.         }
  178.         // Check timestamp
  179.         $now = new \DateTime();
  180.         if ($now->format("YmdHis") <= $ipBan->getEndDate()->format("YmdHis"))
  181.         {
  182.             return true;
  183.         }
  185.         return false;
  186.     }
  187. }