diff options
| author | Joas Schilling <coding@schilljs.com> | 2025-05-20 08:37:23 +0200 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2025-05-20 08:37:23 +0200 |
| commit | 1d8556ecc3218bd4a9a483ad54088e9282da069a (patch) | |
| tree | 1efbf0c33a6178efe1ab869610fd13fb5b856745 | |
| parent | cc22d7488700d2020d483eb245f2fd09a2ae9863 (diff) | |
| download | nextcloud-server-perf/noid/query-performance.tar.gz nextcloud-server-perf/noid/query-performance.zip | |
fix(throttler): Don't query bruteforce attempts twiceperf/noid/query-performance
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | lib/private/Security/Bruteforce/Throttler.php | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php index 065f720ba72..574f6c80c3f 100644 --- a/lib/private/Security/Bruteforce/Throttler.php +++ b/lib/private/Security/Bruteforce/Throttler.php @@ -206,25 +206,27 @@ class Throttler implements IThrottler { * {@inheritDoc} */ public function sleepDelayOrThrowOnMax(string $ip, string $action = ''): int { - $attempts = $this->getAttempts($ip, $action, 0.5); - if ($attempts > $this->config->getSystemValueInt('auth.bruteforce.max-attempts', self::MAX_ATTEMPTS)) { - $this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, attempts: {attempts}, ip: {ip}]', [ - 'action' => $action, - 'ip' => $ip, - 'attempts' => $attempts, - ]); - // If the ip made too many attempts within the last 30 mins we don't execute anymore - throw new MaxDelayReached('Reached maximum delay'); - } - + $maxAttempts = $this->config->getSystemValueInt('auth.bruteforce.max-attempts', self::MAX_ATTEMPTS); $attempts = $this->getAttempts($ip, $action); - if ($attempts > 10) { + if ($attempts > $maxAttempts) { + $attempts30mins = $this->getAttempts($ip, $action, 0.5); + if ($attempts30mins > $maxAttempts) { + $this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, attempts: {attempts}, ip: {ip}]', [ + 'action' => $action, + 'ip' => $ip, + 'attempts' => $attempts30mins, + ]); + // If the ip made too many attempts within the last 30 mins we don't execute anymore + throw new MaxDelayReached('Reached maximum delay'); + } + $this->logger->info('IP address throttled because it reached the attempts limit in the last 12 hours [action: {action}, attempts: {attempts}, ip: {ip}]', [ 'action' => $action, 'ip' => $ip, 'attempts' => $attempts, ]); } + if ($attempts > 0) { return $this->calculateDelay($attempts); } |