Merge commit from fork

* fix: respect lockout policy on password change (with old password)

* add tarpitting

* cleanup
Livio Spring
2025-10-29 10:07:35 +01:00
committed by GitHub
parent 72a5c33e6a
commit b8db8cdf9c
17 changed files with 619 additions and 49 deletions


@@ -43,6 +43,7 @@ type SessionCommands struct {
getCodeVerifier func(ctx context.Context, id string) (senders.CodeGenerator, error)
now func() time.Time
maxIdPIntentLifetime time.Duration
tarpit func(failedAttempts uint64)
}
func (c *Commands) NewSessionCommands(cmds []SessionCommand, session *SessionWriteModel) *SessionCommands {
@@ -60,6 +61,7 @@ func (c *Commands) NewSessionCommands(cmds []SessionCommand, session *SessionWri
getCodeVerifier: c.phoneCodeVerifierFromConfig,
now: time.Now,
maxIdPIntentLifetime: c.maxIdPIntentLifetime,
tarpit: c.tarpit,
}
}
@@ -76,7 +78,7 @@ func CheckUser(id string, resourceOwner string, preferredLanguage *language.Tag)
// CheckPassword defines a password check to be executed for a session update
func CheckPassword(password string) SessionCommand {
return func(ctx context.Context, cmd *SessionCommands) ([]eventstore.Command, error) {
commands, err := checkPassword(ctx, cmd.sessionWriteModel.UserID, password, cmd.eventstore, cmd.hasher, nil)
commands, err := checkPassword(ctx, cmd.sessionWriteModel.UserID, password, cmd.eventstore, cmd.hasher, nil, cmd.tarpit)
if err != nil {
return commands, err
}
@@ -135,6 +137,7 @@ func CheckTOTP(code string) SessionCommand {
cmd.eventstore.FilterToQueryReducer,
cmd.totpAlg,
nil,
cmd.tarpit,
)
if err != nil {
return commands, err
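Review bot: The `tarpit func(failedAttempts uint64)` field added to `SessionCommands` takes no `context.Context`, so a delay applied after a failed password or TOTP check cannot end early when the request is cancelled. If the implementation blocks for the delay (it is not visible here), many concurrent failing requests would each hold a goroutine and a connection for the full duration. Consider `tarpit func(ctx context.Context, failedAttempts uint64)`, passing `ctx` at the `checkPassword` and TOTP call sites, with an upper bound on the delay. `NewSessionCommands` also copies `c.tarpit` without a nil check, so a `Commands` value built without it would hand a nil func to these checks; a no-op default or a comment such as `// tarpit must be non-nil; it is invoked with the failed-attempt count` on the field would make the requirement explicit. The bodies of `CheckPassword` and `CheckTOTP` continue outside the hunks shown.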