authorJohn Molakvoæ <skjnldsv@users.noreply.github.com>2025-04-15 12:16:53 +0200
committerGitHub <noreply@github.com>2025-04-15 12:16:53 +0200
commit24be03e96e29a6bb49082d4c8082738d27895abd (patch)
treeed611eef099ba334da96c0f4e3b9f83855caae9d
parent37da5ff5196ebb63b3ade7b55ec66f21c6f29850 (diff)
parent2fdb5096ddca8c30b41d5031ca675e09c5b55721 (diff)
Merge pull request #52205 from nextcloud/backport/50905/stable30backport/52121/stable30
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php3
-rw-r--r--build/integration/config/behat.yml10
-rw-r--r--build/integration/features/bootstrap/RateLimitingContext.php30
-rw-r--r--build/integration/ratelimiting_features/ratelimiting.feature (renamed from build/integration/features/ratelimiting.feature)1
-rwxr-xr-xbuild/integration/run.sh2
5 files changed, 45 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index a4afd106ff9..8b866c1c395 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -554,6 +554,7 @@ class ShareAPIController extends OCSController {
* 200: Share created
*/
#[NoAdminRequired]
+ #[UserRateLimit(limit: 20, period: 600)]
public function createShare(
?string $path = null,
?int $permissions = null,
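Review bot: The new `#[UserRateLimit(limit: 20, period: 600)]` on `createShare` carries no comment explaining why 20 requests per 10 minutes was chosen, or that it applies to every share type this endpoint creates. A client that legitimately creates shares in bulk is throttled exactly like an abusive one, so the intent should be recorded next to the attribute, for example `// Per-user throttle on share creation: 20 requests per 600 s, all share types`. The docblock lines visible above list only the 200 response; the docblock starts outside the hunk, so if it does not already describe the throttled response, that belongs there as well.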
@@ -2115,7 +2116,7 @@ class ShareAPIController extends OCSController {
* 200: The email notification was sent successfully
*/
#[NoAdminRequired]
- #[UserRateLimit(limit: 5, period: 120)]
+ #[UserRateLimit(limit: 10, period: 600)]
public function sendShareEmail(string $id, $password = ''): DataResponse {
try {
$share = $this->getShareById($id);
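Review bot: Changing `sendShareEmail` from `limit: 5, period: 120` to `limit: 10, period: 600` lowers the sustained rate but doubles the number of notification mails one user can trigger back to back, from 5 to 10. If the goal is to bound outbound mail abuse, that trade-off should be stated beside the attribute, for example `// 10 mails per 10 min per user: lower sustained rate, larger burst than the previous 5 per 2 min`. The method body continues outside the hunk, so any additional throttling inside it is not visible here.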
diff --git a/build/integration/config/behat.yml b/build/integration/config/behat.yml
index 183ce884863..4185378211b 100644
--- a/build/integration/config/behat.yml
+++ b/build/integration/config/behat.yml
@@ -233,3 +233,13 @@ default:
regular_user_password: 123456
- RemoteContext:
remote: http://localhost:8080
+ ratelimiting:
+ paths:
+ - "%paths.base%/../ratelimiting_features"
+ contexts:
+ - RateLimitingContext:
+ baseUrl: http://localhost:8080
+ admin:
+ - admin
+ - admin
+ regular_user_password: 123456
diff --git a/build/integration/features/bootstrap/RateLimitingContext.php b/build/integration/features/bootstrap/RateLimitingContext.php
new file mode 100644
index 00000000000..ca198dc5514
--- /dev/null
+++ b/build/integration/features/bootstrap/RateLimitingContext.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+use Behat\Behat\Context\Context;
+
+class RateLimitingContext implements Context {
+ use BasicStructure;
+ use CommandLine;
+ use Provisioning;
+
+ /**
+ * @BeforeScenario @RateLimiting
+ */
+ public function enableRateLimiting() {
+ // Enable rate limiting for the tests.
+ // Ratelimiting is disabled by default, so we need to enable it
+ $this->runOcc(['config:system:set', 'ratelimit.protection.enabled', '--value', 'true', '--type', 'bool']);
+ }
+
+ /**
+ * @AfterScenario @RateLimiting
+ */
+ public function disableRateLimiting() {
+ // Restore the default rate limiting configuration.
+ // Ratelimiting is disabled by default, so we need to disable it
+ $this->runOcc(['config:system:set', 'ratelimit.protection.enabled', '--value', 'false', '--type', 'bool']);
+ }
+}
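Review bot: `disableRateLimiting()` writes `false` unconditionally instead of restoring the value the instance had before the scenario. Its comment "Ratelimiting is disabled by default" holds only because `run.sh` in this same commit switches the protection off, so on an instance not prepared by `run.sh` this suite leaves rate limiting disabled afterwards. I would reword the two comments to `// run.sh turns rate limiting off for the integration run; enable it for @RateLimiting scenarios only` and `// Switch it back off so later scenarios are not throttled`. I would also consider reading the previous value in the before hook and writing that value back in the after hook. Both hook methods also lack a `: void` return type.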
diff --git a/build/integration/features/ratelimiting.feature b/build/integration/ratelimiting_features/ratelimiting.feature
index a2fca2fc6be..43cfddec85d 100644
--- a/build/integration/features/ratelimiting.feature
+++ b/build/integration/ratelimiting_features/ratelimiting.feature
@@ -1,5 +1,6 @@
# SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
+@RateLimiting
Feature: ratelimiting
Background:
diff --git a/build/integration/run.sh b/build/integration/run.sh
index 8f5320af8f5..b0c5c4a047b 100755
--- a/build/integration/run.sh
+++ b/build/integration/run.sh
@@ -20,6 +20,8 @@ INSTALLED=$($OCC status | grep installed: | cut -d " " -f 5)
if [ "$INSTALLED" == "true" ]; then
# Disable bruteforce protection because the integration tests do trigger them
$OCC config:system:set auth.bruteforce.protection.enabled --value false --type bool
+ # Disable rate limit protection because the integration tests do trigger them
+ $OCC config:system:set ratelimit.protection.enabled --value false --type bool
# Allow local remote urls otherwise we can not share
$OCC config:system:set allow_local_remote_servers --value true --type bool
else
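Review bot: The added `$OCC config:system:set ratelimit.protection.enabled --value false --type bool` leaves the protection off on the target instance, and nothing in the visible hunk turns it back on. The `if` block continues outside the hunk, so whether the script restores the setting later cannot be seen from here. If it does not, the comment should say so, for example `# NOTE: leaves rate limiting disabled; run only against disposable test instances`. The added comment also says "trigger them" about a single protection, where "trigger it" would read correctly.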