authorRobin Appelman <robin@icewind.nl>2016-08-26 15:10:03 +0200
committerRobin Appelman <robin@icewind.nl>2016-08-29 13:36:49 +0200
commit6c93fe08f53bff474921d150edabb27ca630edd7 (patch)
treeafdc87fb14c91e0dbc71b32e7f8c5abbb70e40e6
parent3647fbe7cd86e743b059889d69b03fcf8207780f (diff)
downloadnextcloud-server-6c93fe08f53bff474921d150edabb27ca630edd7.tar.gz
nextcloud-server-6c93fe08f53bff474921d150edabb27ca630edd7.zip
dont get bruteforce delay twice
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php5
-rw-r--r--lib/private/User/Session.php3
-rw-r--r--tests/lib/User/SessionTest.php12
3 files changed, 11 insertions, 9 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 11a343918c6..031c5ffd411 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -225,8 +225,11 @@ class Throttler {
* Will sleep for the defined amount of time
*
* @param string $ip
+ * @return int the time spent sleeping
*/
public function sleepDelay($ip) {
- usleep($this->getDelay($ip) * 1000);
+ $delay = $this->getDelay($ip);
+ usleep($delay * 1000);
+ return $delay;
}
}
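Review bot: The new `@return` line gives no unit, and the value is the computed delay rather than a measured sleep time. Judging by `usleep($delay * 1000)`, which takes microseconds, `getDelay()` yields milliseconds. I would word the tag as `@return int the throttle delay in milliseconds that was applied for $ip`, so that callers which keep the value, as the login path in Session.php now does, do not read it as seconds. The class body starts outside this hunk.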
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 3b357b69bcf..dec959820f8 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -309,8 +309,7 @@ class Session implements IUserSession, Emitter {
$password,
IRequest $request,
OC\Security\Bruteforce\Throttler $throttler) {
- $currentDelay = $throttler->getDelay($request->getRemoteAddress());
- $throttler->sleepDelay($request->getRemoteAddress());
+ $currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
$isTokenPassword = $this->isTokenPassword($password);
if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
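Review bot: The new assignment hides a blocking side effect, because `sleepDelay()` pauses the request before returning the value stored in `$currentDelay`. A short comment above it would make that visible to the next person editing this login path, for example `// blocks for the current brute-force delay and returns it (ms); the delay is looked up only once`. How `$currentDelay` is used further down is not visible here, and the function starts and ends outside the hunk.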
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 379c7e39442..4b8067117b1 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -371,7 +371,7 @@ class SessionTest extends \Test\TestCase {
->with('token_auth_enforced', false)
->will($this->returnValue(true));
$request
- ->expects($this->exactly(2))
+ ->expects($this->any())
->method('getRemoteAddress')
->willReturn('192.168.0.1');
$this->throttler
@@ -379,7 +379,7 @@ class SessionTest extends \Test\TestCase {
->method('sleepDelay')
->with('192.168.0.1');
$this->throttler
- ->expects($this->once())
+ ->expects($this->any())
->method('getDelay')
->with('192.168.0.1')
->willReturn(0);
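Review bot: Relaxing `getDelay` from `once()` to `any()` means the test no longer fails if the delay is looked up twice, which is the regression this commit fixes. The same applies to the hunks at -420 and -467, and to the `getRemoteAddress` expectations loosened from `exactly(2)` to `any()`. Because the throttler is a mock, the login path shown in Session.php should no longer reach `getDelay` at all, so `->expects($this->never())` would pin the new behaviour, assuming nothing else in the method calls it. The `sleepDelay` mock in the context lines has no return value configured, so `$currentDelay` is presumably null in these tests rather than an int. Adding `->willReturn(0)` to that mock would keep the tests aligned with production.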
@@ -412,7 +412,7 @@ class SessionTest extends \Test\TestCase {
->method('set')
->with('app_password', 'I-AM-AN-APP-PASSWORD');
$request
- ->expects($this->exactly(2))
+ ->expects($this->any())
->method('getRemoteAddress')
->willReturn('192.168.0.1');
$this->throttler
@@ -420,7 +420,7 @@ class SessionTest extends \Test\TestCase {
->method('sleepDelay')
->with('192.168.0.1');
$this->throttler
- ->expects($this->once())
+ ->expects($this->any())
->method('getDelay')
->with('192.168.0.1')
->willReturn(0);
@@ -459,7 +459,7 @@ class SessionTest extends \Test\TestCase {
->will($this->returnValue(true));
$request
- ->expects($this->exactly(2))
+ ->expects($this->any())
->method('getRemoteAddress')
->willReturn('192.168.0.1');
$this->throttler
@@ -467,7 +467,7 @@ class SessionTest extends \Test\TestCase {
->method('sleepDelay')
->with('192.168.0.1');
$this->throttler
- ->expects($this->once())
+ ->expects($this->any())
->method('getDelay')
->with('192.168.0.1')
->willReturn(0);