Expose WebUI ban duration to users

src/base/preferences.cpp

@@ -29,6 +29,8 @@
 
 #include "preferences.h"
 
+#include <chrono>
+
 #ifdef Q_OS_MACOS
 #include <CoreServices/CoreServices.h>
 #endif
@@ -631,6 +633,16 @@ void Preferences::setWebUIMaxAuthFailCount(const int count)
     setValue("Preferences/WebUI/MaxAuthenticationFailCount", count);
 }
 
+std::chrono::seconds Preferences::getWebUIBanDuration() const
+{
+    return std::chrono::seconds {value("Preferences/WebUI/BanDuration", 3600).toInt()};
+}
+
+void Preferences::setWebUIBanDuration(const std::chrono::seconds duration)
+{
+    setValue("Preferences/WebUI/BanDuration", static_cast<int>(duration.count()));
+}
+
 int Preferences::getWebUISessionTimeout() const
 {
     return value("Preferences/WebUI/SessionTimeout", 3600).toInt();

src/base/preferences.h

@@ -196,6 +196,8 @@ public:
     void setWebUIPassword(const QByteArray &password);
     int getWebUIMaxAuthFailCount() const;
     void setWebUIMaxAuthFailCount(int count);
+    std::chrono::seconds getWebUIBanDuration() const;
+    void setWebUIBanDuration(std::chrono::seconds duration);
     int getWebUISessionTimeout() const;
     void setWebUISessionTimeout(int timeout);
 

src/gui/optionsdialog.cpp

@@ -422,6 +422,7 @@ OptionsDialog::OptionsDialog(QWidget *parent)
     connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
     connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, m_ui->IPSubnetWhitelistButton, &QPushButton::setEnabled);
     connect(m_ui->spinBanCounter, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
+    connect(m_ui->spinBanDuration, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
     connect(m_ui->spinSessionTimeout, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
     connect(m_ui->checkClickjacking, &QCheckBox::toggled, this, &ThisType::enableApplyButton);
     connect(m_ui->checkCSRFProtection, &QCheckBox::toggled, this, &ThisType::enableApplyButton);
@@ -772,6 +773,7 @@ void OptionsDialog::saveOptions()
         pref->setWebUIHttpsCertificatePath(m_ui->textWebUIHttpsCert->selectedPath());
         pref->setWebUIHttpsKeyPath(m_ui->textWebUIHttpsKey->selectedPath());
         pref->setWebUIMaxAuthFailCount(m_ui->spinBanCounter->value());
+        pref->setWebUIBanDuration(std::chrono::seconds {m_ui->spinBanDuration->value()});
         pref->setWebUISessionTimeout(m_ui->spinSessionTimeout->value());
         // Authentication
         pref->setWebUiUsername(webUiUsername());
@@ -1156,6 +1158,7 @@ void OptionsDialog::loadOptions()
     m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled());
     m_ui->IPSubnetWhitelistButton->setEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());
     m_ui->spinBanCounter->setValue(pref->getWebUIMaxAuthFailCount());
+    m_ui->spinBanDuration->setValue(pref->getWebUIBanDuration().count());
     m_ui->spinSessionTimeout->setValue(pref->getWebUISessionTimeout());
 
     // Security

src/gui/optionsdialog.ui

@@ -2987,25 +2987,15 @@ Specify an IPv4 or IPv6 address. You can specify "0.0.0.0" for any IPv
                    </widget>
                   </item>
                   <item>
-                   <layout class="QHBoxLayout" name="horizontalLayout_19">
+                   <layout class="QGridLayout" name="gridLayout_10">
-                    <item>
+                    <item row="0" column="0">
                      <widget class="QLabel" name="lblBanCounter">
                       <property name="text">
                        <string>Ban client after consecutive failures:</string>
                       </property>
                      </widget>
                     </item>
-                    <item>
+                    <item row="0" column="2">
-                     <widget class="QSpinBox" name="spinBanCounter">
-                      <property name="specialValueText">
-                       <string>Never</string>
-                      </property>
-                      <property name="maximum">
-                       <number>2147483647</number>
-                      </property>
-                     </widget>
-                    </item>
-                    <item>
                      <spacer name="horizontalSpacer_15">
                       <property name="orientation">
                        <enum>Qt::Horizontal</enum>
@@ -3018,6 +3008,39 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
                       </property>
                      </spacer>
                     </item>
+                    <item row="0" column="1">
+                     <widget class="QSpinBox" name="spinBanCounter">
+                      <property name="specialValueText">
+                       <string>Never</string>
+                      </property>
+                      <property name="maximum">
+                       <number>2147483647</number>
+                      </property>
+                     </widget>
+                    </item>
+                    <item row="1" column="0">
+                     <widget class="QLabel" name="lblBanDuration">
+                      <property name="text">
+                       <string>ban for:</string>
+                      </property>
+                      <property name="alignment">
+                       <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
+                      </property>
+                     </widget>
+                    </item>
+                    <item row="1" column="1">
+                     <widget class="QSpinBox" name="spinBanDuration">
+                      <property name="suffix">
+                       <string> sec</string>
+                      </property>
+                      <property name="minimum">
+                       <number>1</number>
+                      </property>
+                      <property name="maximum">
+                       <number>2147483647</number>
+                      </property>
+                     </widget>
+                    </item>
                    </layout>
                   </item>
                   <item>

src/webui/api/appcontroller.cpp

@@ -233,6 +233,7 @@ void AppController::preferencesAction()
         authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
     data["bypass_auth_subnet_whitelist"] = authSubnetWhitelistStringList.join("\n");
     data["web_ui_max_auth_fail_count"] = pref->getWebUIMaxAuthFailCount();
+    data["web_ui_ban_duration"] = static_cast<int>(pref->getWebUIBanDuration().count());
     data["web_ui_session_timeout"] = pref->getWebUISessionTimeout();
     // Use alternative Web UI
     data["alternative_webui_enabled"] = pref->isAltWebUiEnabled();
@@ -604,6 +605,8 @@ void AppController::setPreferencesAction()
     }
     if (hasKey("web_ui_max_auth_fail_count"))
         pref->setWebUIMaxAuthFailCount(it.value().toInt());
+    if (hasKey("web_ui_ban_duration"))
+        pref->setWebUIBanDuration(std::chrono::seconds {it.value().toInt()});
     if (hasKey("web_ui_session_timeout"))
         pref->setWebUISessionTimeout(it.value().toInt());
     // Use alternative Web UI

src/webui/api/authcontroller.cpp

@@ -36,8 +36,6 @@
 #include "apierror.h"
 #include "isessionmanager.h"
 
-constexpr int BAN_TIME = 3600000; // 1 hour
-
 void AuthController::loginAction()
 {
     if (sessionManager()->session()) {
@@ -116,6 +114,6 @@ void AuthController::increaseFailedAttempts()
     if (failedLogin.failedAttemptsCount >= Preferences::instance()->getWebUIMaxAuthFailCount()) {
         // Max number of failed attempts reached
         // Start ban period
-        failedLogin.banTimer.setRemainingTime(BAN_TIME);
+        failedLogin.banTimer.setRemainingTime(Preferences::instance()->getWebUIBanDuration());
     }
 }

src/webui/www/private/views/preferences.html

@@ -733,6 +733,10 @@
                     <td><label for="webUIMaxAuthFailCountInput">QBT_TR(Ban client after consecutive failures:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
                     <td><input type="number" id="webUIMaxAuthFailCountInput" style="width: 4em;" min="0" /></td>
                 </tr>
+                <tr>
+                    <td style="text-align: right;"><label for="webUIBanDurationInput">QBT_TR(ban for:)QBT_TR[CONTEXT=OptionsDialog]</label></td>
+                    <td><input type="number" id="webUIBanDurationInput" style="width: 4em;" min="1" />QBT_TR(seconds)QBT_TR[CONTEXT=OptionsDialog]</td>
+                </tr>
             </table>
             <table>
                 <tr>
@@ -1725,6 +1729,7 @@
                         $('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
                         updateBypasssAuthSettings();
                         $('webUIMaxAuthFailCountInput').setProperty('value', pref.web_ui_max_auth_fail_count.toInt());
+                        $('webUIBanDurationInput').setProperty('value', pref.web_ui_ban_duration.toInt());
                         $('webUISessionTimeoutInput').setProperty('value', pref.web_ui_session_timeout.toInt());
 
                         // Use alternative Web UI
@@ -2089,6 +2094,7 @@
             settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));
             settings.set('bypass_auth_subnet_whitelist', $('bypass_auth_subnet_whitelist_textarea').getProperty('value'));
             settings.set('web_ui_max_auth_fail_count', $('webUIMaxAuthFailCountInput').getProperty('value'));
+            settings.set('web_ui_ban_duration', $('webUIBanDurationInput').getProperty('value'));
             settings.set('web_ui_session_timeout', $('webUISessionTimeoutInput').getProperty('value'));
 
             // Use alternative Web UI