Only ignore attempts of the same action

author Joas Schilling <coding@schilljs.com>

Thu, 7 Jul 2022 07:35:14 +0000 (09:35 +0200)

committer backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>

Thu, 7 Jul 2022 09:03:55 +0000 (09:03 +0000)
author Joas Schilling <coding@schilljs.com>
Thu, 7 Jul 2022 07:35:14 +0000 (09:35 +0200)
committer backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>
Thu, 7 Jul 2022 09:03:55 +0000 (09:03 +0000)
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php

index c47d102b8819d9368cd3c44126c485c3eef86756..e37746eb6a2d0e2836620f70de7dd3ed957cf4f2 100644 (file)
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -65,8 +65,8 @@ class Throttler {
         private LoggerInterface $logger;
         /** @var IConfig */
         private $config;
-       /** @var bool */
-       private $hasAttemptsDeleted = false;
+       /** @var bool[] */
+       private $hasAttemptsDeleted = [];
  
         public function __construct(IDBConnection $db,
                                                                 ITimeFactory $timeFactory,
@@ -225,7 +225,7 @@ class Throttler {
                         $maxAgeHours = 48;
                 }
  
-               if ($ip === '' || $this->hasAttemptsDeleted) {
+               if ($ip === '' || isset($this->hasAttemptsDeleted[$action])) {
                         return 0;
                 }
  
@@ -303,7 +303,7 @@ class Throttler {
  
                 $qb->executeStatement();
  
-               $this->hasAttemptsDeleted = true;
+               $this->hasAttemptsDeleted[$action] = true;
         }
  
         /**
author	Joas Schilling <coding@schilljs.com>
	Thu, 7 Jul 2022 07:35:14 +0000 (09:35 +0200)
committer	backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>
	Thu, 7 Jul 2022 09:03:55 +0000 (09:03 +0000)