From: Joas Schilling <coding@schilljs.com>
Date: Thu, 7 Jul 2022 07:35:14 +0000 (+0200)
Subject: Only ignore attempts of the same action
X-Git-Tag: v24.0.3rc2~1^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F33157%2Fhead;p=nextcloud-server.git

Only ignore attempts of the same action

Signed-off-by: Joas Schilling <coding@schilljs.com>
---

diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index c47d102b881..e37746eb6a2 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -65,8 +65,8 @@ class Throttler {
 	private LoggerInterface $logger;
 	/** @var IConfig */
 	private $config;
-	/** @var bool */
-	private $hasAttemptsDeleted = false;
+	/** @var bool[] */
+	private $hasAttemptsDeleted = [];
 
 	public function __construct(IDBConnection $db,
 								ITimeFactory $timeFactory,
@@ -225,7 +225,7 @@ class Throttler {
 			$maxAgeHours = 48;
 		}
 
-		if ($ip === '' || $this->hasAttemptsDeleted) {
+		if ($ip === '' || isset($this->hasAttemptsDeleted[$action])) {
 			return 0;
 		}
 
@@ -303,7 +303,7 @@ class Throttler {
 
 		$qb->executeStatement();
 
-		$this->hasAttemptsDeleted = true;
+		$this->hasAttemptsDeleted[$action] = true;
 	}
 
 	/**