Browse Source
Merge pull request #1087 from nextcloud/get-delay-twice
dont get bruteforce delay twicetags/v11.0RC2
Lukas Reschke
7 years ago
3 changed files with 11 additions and 9 deletions
+ 4
- 1
lib/private/Security/Bruteforce/Throttler.php
View File
| @@ -225,8 +225,11 @@ class Throttler { | |||
| * Will sleep for the defined amount of time | |||
| * | |||
| * @param string $ip | |||
| * @return int the time spent sleeping | |||
| */ | |||
| public function sleepDelay($ip) { | |||
| usleep($this->getDelay($ip) * 1000); | |||
| $delay = $this->getDelay($ip); | |||
| usleep($delay * 1000); | |||
| return $delay; | |||
| } | |||
| } | |||
+ 1
- 2
lib/private/User/Session.php
View File
| @@ -309,8 +309,7 @@ class Session implements IUserSession, Emitter { | |||
| $password, | |||
| IRequest $request, | |||
| OC\Security\Bruteforce\Throttler $throttler) { | |||
| $currentDelay = $throttler->getDelay($request->getRemoteAddress()); | |||
| $throttler->sleepDelay($request->getRemoteAddress()); | |||
| $currentDelay = $throttler->sleepDelay($request->getRemoteAddress()); | |||
| $isTokenPassword = $this->isTokenPassword($password); | |||
| if (!$isTokenPassword && $this->isTokenAuthEnforced()) { | |||
+ 6
- 6
tests/lib/User/SessionTest.php
View File
| @@ -371,7 +371,7 @@ class SessionTest extends \Test\TestCase { | |||
| ->with('token_auth_enforced', false) | |||
| ->will($this->returnValue(true)); | |||
| $request | |||
| ->expects($this->exactly(2)) | |||
| ->expects($this->any()) | |||
| ->method('getRemoteAddress') | |||
| ->willReturn('192.168.0.1'); | |||
| $this->throttler | |||
| @@ -379,7 +379,7 @@ class SessionTest extends \Test\TestCase { | |||
| ->method('sleepDelay') | |||
| ->with('192.168.0.1'); | |||
| $this->throttler | |||
| ->expects($this->once()) | |||
| ->expects($this->any()) | |||
| ->method('getDelay') | |||
| ->with('192.168.0.1') | |||
| ->willReturn(0); | |||
| @@ -412,7 +412,7 @@ class SessionTest extends \Test\TestCase { | |||
| ->method('set') | |||
| ->with('app_password', 'I-AM-AN-APP-PASSWORD'); | |||
| $request | |||
| ->expects($this->exactly(2)) | |||
| ->expects($this->any()) | |||
| ->method('getRemoteAddress') | |||
| ->willReturn('192.168.0.1'); | |||
| $this->throttler | |||
| @@ -420,7 +420,7 @@ class SessionTest extends \Test\TestCase { | |||
| ->method('sleepDelay') | |||
| ->with('192.168.0.1'); | |||
| $this->throttler | |||
| ->expects($this->once()) | |||
| ->expects($this->any()) | |||
| ->method('getDelay') | |||
| ->with('192.168.0.1') | |||
| ->willReturn(0); | |||
| @@ -459,7 +459,7 @@ class SessionTest extends \Test\TestCase { | |||
| ->will($this->returnValue(true)); | |||
| $request | |||
| ->expects($this->exactly(2)) | |||
| ->expects($this->any()) | |||
| ->method('getRemoteAddress') | |||
| ->willReturn('192.168.0.1'); | |||
| $this->throttler | |||
| @@ -467,7 +467,7 @@ class SessionTest extends \Test\TestCase { | |||
| ->method('sleepDelay') | |||
| ->with('192.168.0.1'); | |||
| $this->throttler | |||
| ->expects($this->once()) | |||
| ->expects($this->any()) | |||
| ->method('getDelay') | |||
| ->with('192.168.0.1') | |||
| ->willReturn(0); | |||
Loading…