feat: Expose if the own IP is allowed to bypass bruteforce protection

Signed-off-by: Joas Schilling <coding@schilljs.com>

lib/private/Security/Bruteforce/Capabilities.php

@@ -3,9 +3,11 @@
 declare(strict_types=1);
 
 /**
+ * @copyright Copyright (c) 2023 Joas Schilling <coding@schilljs.com>
  * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
  *
  * @author J0WI <J0WI@users.noreply.github.com>
+ * @author Joas Schilling <coding@schilljs.com>
  * @author Julius Härtl <jus@bitgrid.net>
  * @author Roeland Jago Douma <roeland@famdouma.nl>
  *
@@ -32,33 +34,21 @@ use OCP\Capabilities\IInitialStateExcludedCapability;
 use OCP\IRequest;
 
 class Capabilities implements IPublicCapability, IInitialStateExcludedCapability {
-	/** @var IRequest */
-	private $request;
-
-	/** @var Throttler */
-	private $throttler;
-
-	/**
-	 * Capabilities constructor.
-	 *
-	 * @param IRequest $request
-	 * @param Throttler $throttler
-	 */
-	public function __construct(IRequest $request,
-								Throttler $throttler) {
-		$this->request = $request;
-		$this->throttler = $throttler;
+	public function __construct(
+		private IRequest $request,
+		private Throttler $throttler,
+	) {
 	}
 
+	/**
+	 * @return array{bruteforce: array{delay: int, allow-listed: bool}}
+	 */
 	public function getCapabilities(): array {
-		if (version_compare(\OC::$server->getConfig()->getSystemValueString('version', '0.0.0.0'), '12.0.0.0', '<')) {
-			return [];
-		}
-
 		return [
 			'bruteforce' => [
-				'delay' => $this->throttler->getDelay($this->request->getRemoteAddress())
-			]
+				'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()),
+				'allow-listed' => $this->throttler->isIPWhitelisted($this->request->getRemoteAddress()),
+			],
 		];
 	}
 }

lib/private/Security/Bruteforce/Throttler.php

@@ -110,7 +110,7 @@ class Throttler implements IThrottler {
 	 * @param string $ip
 	 * @return bool
 	 */
-	private function isIPWhitelisted(string $ip): bool {
+	public function isIPWhitelisted(string $ip): bool {
 		if (isset($this->ipIsWhitelisted[$ip])) {
 			return $this->ipIsWhitelisted[$ip];
 		}

tests/lib/Security/Bruteforce/CapabilitiesTest.php

@@ -52,18 +52,24 @@ class CapabilitiesTest extends TestCase {
 		);
 	}
 
-	public function testGetCapabilities() {
+	public function testGetCapabilities(): void {
 		$this->throttler->expects($this->atLeastOnce())
 			->method('getDelay')
 			->with('10.10.10.10')
 			->willReturn(42);
 
+		$this->throttler->expects($this->atLeastOnce())
+			->method('isIPWhitelisted')
+			->with('10.10.10.10')
+			->willReturn(true);
+
 		$this->request->method('getRemoteAddress')
 			->willReturn('10.10.10.10');
 
 		$expected = [
 			'bruteforce' => [
-				'delay' => 42
+				'delay' => 42,
+				'allow-listed' => true,
 			]
 		];
 		$result = $this->capabilities->getCapabilities();
@@ -71,7 +77,7 @@ class CapabilitiesTest extends TestCase {
 		$this->assertEquals($expected, $result);
 	}
 
-	public function testGetCapabilitiesOnCli() {
+	public function testGetCapabilitiesOnCli(): void {
 		$this->throttler->expects($this->atLeastOnce())
 			->method('getDelay')
 			->with('')
@@ -82,7 +88,8 @@ class CapabilitiesTest extends TestCase {
 
 		$expected = [
 			'bruteforce' => [
-				'delay' => 0
+				'delay' => 0,
+				'allow-listed' => false,
 			]
 		];
 		$result = $this->capabilities->getCapabilities();