Limit throttler to 48 hours

author Roeland Jago Douma <roeland@famdouma.nl>

Thu, 8 Oct 2020 13:04:38 +0000 (15:04 +0200)

committer Roeland Jago Douma <roeland@famdouma.nl>

Thu, 8 Oct 2020 17:51:13 +0000 (19:51 +0200)
author Roeland Jago Douma <roeland@famdouma.nl>
Thu, 8 Oct 2020 13:04:38 +0000 (15:04 +0200)
committer Roeland Jago Douma <roeland@famdouma.nl>
Thu, 8 Oct 2020 17:51:13 +0000 (19:51 +0200)
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php

index 377d9c309b4f662345b9fccfb3916671769a8f52..e1d9127a7bbd49af7c9a4a8c0e8851adc05f1c6a 100644 (file)
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -226,6 +226,11 @@ class Throttler {
          * @return int
          */
         public function getAttempts(string $ip, string $action = '', float $maxAgeHours = 12): int {
+               if ($maxAgeHours > 48) {
+                       $this->logger->error('Bruteforce has to use less than 48 hours');
+                       $maxAgeHours = 48;
+               }
+
                 if ($ip === '') {
                         return 0;
                 }
author	Roeland Jago Douma <roeland@famdouma.nl>
	Thu, 8 Oct 2020 13:04:38 +0000 (15:04 +0200)
committer	Roeland Jago Douma <roeland@famdouma.nl>
	Thu, 8 Oct 2020 17:51:13 +0000 (19:51 +0200)