*/
'auth.bruteforce.protection.enabled' => true,
+/**
+ * Whether the bruteforce protection shipped with Nextcloud should be set to testing mode.
+ *
+ * In testing mode bruteforce attempts are still recorded, but the requests do
+ * not sleep/wait for the specified time. They will still abort with
+ * "429 Too Many Requests" when the maximum delay is reached.
+ * Enabling this is discouraged for security reasons
+ * and should only be done for debugging and on CI when running tests.
+ *
+ * Defaults to ``false``
+ */
+'auth.bruteforce.protection.testing' => false,
+
/**
* Whether the rate limit protection shipped with Nextcloud should be enabled or not.
*
*/
public function sleepDelay(string $ip, string $action = ''): int {
$delay = $this->getDelay($ip, $action);
- usleep($delay * 1000);
+ if (!$this->config->getSystemValueBool('auth.bruteforce.protection.testing')) {
+ usleep($delay * 1000);
+ }
return $delay;
}
'delay' => $delay,
]);
}
- usleep($delay * 1000);
+ if (!$this->config->getSystemValueBool('auth.bruteforce.protection.testing')) {
+ usleep($delay * 1000);
+ }
return $delay;
}
}
projects / nextcloud-server.git / commitdiff