src/Services/Security/IpTools.php line 22

Open in your IDE?
  1. <?php
  3. namespace App\Services\Security;
  5. use Doctrine\Persistence\ManagerRegistry;
  6. use Symfony\Component\HttpFoundation\RequestStack;
  8. use App\Entity\Security\IpAttempt;
  9. use App\Entity\Security\IpBan;
  10. use App\Services\LogTools;
  12. class IpTools
  13. {
  14.     const MAX_LOGIN_FAILURE_ATTEMPTS 25;
  15.     const ATTEMPTS_INTERVAL_SECONDS 60 10;
  16.     const BAN_TIME_SECONDS 60 10;
  18.     public function __construct(ManagerRegistry $doctrineRequestStack $requestStackLogTools $logTools)
  19.     {
  20.         $this->em $doctrine->getManager();
  21.         $this->requestStack $requestStack;
  22.         $this->logTools $logTools;
  23.     }
  25.     public function fail2ban($args)
  26.     {
  27.         $request $this->requestStack->getCurrentRequest();
  28.         if ($request === null)
  29.         {
  30.             return false;
  31.         }
  33.         if (empty($request->getClientIp()))
  34.         {
  35.             return false;
  36.         }
  38.         // Various initialisations
  39.         $username null;
  40.         if (array_key_exists('username'$args))
  41.         {
  42.             $username $args['username'];
  43.         }
  45.         $errors = array();
  47.         // FormErrors
  48.         if (array_key_exists('form_errors'$args))
  49.         {
  50.             foreach ($args['form_errors'] as $key => $error)
  51.             {
  52.                 if ($error->getCause() !== null)
  53.                 {
  54.                     $errors[] = $error->getCause()->getMessageTemplate();
  55.                 }
  56.                 else
  57.                 {
  58.                     $errors[] = $error->getMessage();
  59.                 }
  60.             }
  61.         }
  62.         // Errors, in general
  63.         if (array_key_exists('error'$args))
  64.         {
  65.             $errors[] = $args['error'];
  66.         }
  68.         // Make only one error field
  69.         $errorDisplay null;
  70.         if (count($errors) == 1)
  71.         {
  72.             $errorDisplay $errors[0];
  73.         }
  74.         else
  75.         {
  76.             if (count($errors) > 1)
  77.             {
  78.                 $errorDisplay "";
  79.                 foreach ($errors as $error)
  80.                 {
  81.                     $errorDisplay .= $error;
  82.                     $errorDisplay .= ", ";
  83.                 }
  84.                 $errorDisplay substr($errorDisplay,0,-1);
  85.                 $errorDisplay substr($errorDisplay,0,-1);
  86.             }
  87.         }
  89.         // Get the client IP from the Request Stack
  90.         $ip $request->getClientIp();
  92.         // Get the lastest (according to MAX_LOGIN_FAILURE_ATTEMPTS) attempts
  93.         $ipAttempts $this->em
  94.             ->getRepository(IpAttempt::class)
  95.             ->getLatest($ipself::MAX_LOGIN_FAILURE_ATTEMPTS);
  97.         $ipAttempts array_reverse($ipAttempts);
  99.         // Count them
  100.         $attempts count($ipAttempts);
  102.         // If we have less than the maximum allowed, do nothing
  103.         if ($attempts >= self::MAX_LOGIN_FAILURE_ATTEMPTS)
  104.         {
  105.             // Get oldest entry
  106.             $oldest $ipAttempts[0]->getCreationDate();
  107.             if ($oldest !== null)
  108.             {
  109.                 // Compare it to the present
  110.                 $now = new \DateTime();
  112.                 // Get diff btw old/now in seconds
  113.                 $diff $now->getTimestamp() - $oldest->getTimestamp();
  114.                 
  115.                 // If too recent, ban the ip
  116.                 if ($diff self::ATTEMPTS_INTERVAL_SECONDS)
  117.                 {
  118.                     $ipBan = new IpBan();
  119.                     $ipBan->setIp($ip);
  120.                     $ipBan->setEndDate($now->add(new \DateInterval('PT'.self::BAN_TIME_SECONDS.'S')));
  122.                     $this->em->persist($ipBan);
  123.                 }
  124.             }
  125.         }
  127.         // In all cases log new attempt
  128.         $attempt = new IpAttempt();
  129.         $attempt->setIp($ip);
  130.         $attempt->setUsername($username);
  131.         $attempt->setError($errorDisplay);
  132.         $attempt->setUri($request->getUri());
  134.         $this->em->persist($attempt);
  136.         try
  137.         {
  138.             $this->em->flush();
  139.         }
  140.         catch (\Exception $e)
  141.         {
  142.             // Something went bad
  143.             $this->logTools->errorLog($e->getMessage());
  145.             return false;
  146.         }
  147.         return true;
  148.     }
  150.     public function isBanned($ip)
  151.     {
  152.         $ipBan $this->em
  153.             ->getRepository(IpBan::class)
  154.             ->findOneBy(
  155.                 array('ip'    =>    $ip),
  156.                 array('endDate'    =>    'DESC',)
  157.             );
  159.         if ($ipBan === null)
  160.         {
  161.             return false;
  162.         }
  164.         // Check timestamp
  165.         $now = new \DateTime();
  166.         if ($now->format("YmdHis") <= $ipBan->getEndDate()->format("YmdHis"))
  167.         {
  168.             return true;
  169.         }
  171.         return false;
  172.     }
  173. }