Remove expired attempts

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

2 files changed, 32 insertions, 12 deletions

diff --git a/lib/private/Security/RateLimiting/Backend/IBackend.php b/lib/private/Security/RateLimiting/Backend/IBackend.php
index 092c0e7bb8a..9753eb4997c 100644
--- a/lib/private/Security/RateLimiting/Backend/IBackend.php
+++ b/lib/private/Security/RateLimiting/Backend/IBackend.php
@@ -32,19 +32,23 @@ interface IBackend {
 	/**
 	 * Gets the amount of attempts within the last specified seconds
 	 *
-	 * @param string $methodIdentifier
-	 * @param string $userIdentifier
-	 * @param int $seconds
+	 * @param string $methodIdentifier Identifier for the method
+	 * @param string $userIdentifier Identifier for the user
+	 * @param int $seconds Seconds to look back at
 	 * @return int
 	 */
-	public function getAttempts($methodIdentifier, $userIdentifier, $seconds);
+	public function getAttempts($methodIdentifier,
+								$userIdentifier,
+								$seconds);
 
 	/**
 	 * Registers an attempt
 	 *
-	 * @param string $methodIdentifier
-	 * @param string $userIdentifier
-	 * @param int $timestamp
+	 * @param string $methodIdentifier Identifier for the method
+	 * @param string $userIdentifier Identifier for the user
+	 * @param int $period Period in seconds how long this attempt should be stored
 	 */
-	public function registerAttempt($methodIdentifier, $userIdentifier, $timestamp);
+	public function registerAttempt($methodIdentifier,
+									$userIdentifier,
+									$period);
 }
diff --git a/lib/private/Security/RateLimiting/Backend/MemoryCache.php b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
index a0c53335bcf..25595cda4a5 100644
--- a/lib/private/Security/RateLimiting/Backend/MemoryCache.php
+++ b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
@@ -52,7 +52,8 @@ class MemoryCache implements IBackend {
 	 * @param string $userIdentifier
 	 * @return string
 	 */
-	private function hash($methodIdentifier, $userIdentifier) {
+	private function hash($methodIdentifier,
+						  $userIdentifier) {
 		return hash('sha512', $methodIdentifier . $userIdentifier);
 	}
 
@@ -72,7 +73,9 @@ class MemoryCache implements IBackend {
 	/**
 	 * {@inheritDoc}
 	 */
-	public function getAttempts($methodIdentifier, $userIdentifier, $seconds) {
+	public function getAttempts($methodIdentifier,
+								$userIdentifier,
+								$seconds) {
 		$identifier = $this->hash($methodIdentifier, $userIdentifier);
 		$existingAttempts = $this->getExistingAttempts($identifier);
 
@@ -91,10 +94,23 @@ class MemoryCache implements IBackend {
 	/**
 	 * {@inheritDoc}
 	 */
-	public function registerAttempt($methodIdentifier, $userIdentifier, $timestamp) {
+	public function registerAttempt($methodIdentifier,
+									$userIdentifier,
+									$period) {
 		$identifier = $this->hash($methodIdentifier, $userIdentifier);
 		$existingAttempts = $this->getExistingAttempts($identifier);
-		$existingAttempts[] = (string)$timestamp;
+		$currentTime = $this->timeFactory->getTime();
+
+		// Unset all attempts older than $period
+		foreach ($existingAttempts as $key => $attempt) {
+			if(($attempt + $period) < $currentTime) {
+				unset($existingAttempts[$key]);
+			}
+		}
+		$existingAttempts = array_values($existingAttempts);
+
+		// Store the new attempt
+		$existingAttempts[] = (string)$currentTime;
 		$this->cache->set($identifier, json_encode($existingAttempts));
 	}
 }