authorLukas Reschke <lukas@statuscode.ch>2017-04-12 23:00:02 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-04-13 12:00:18 +0200
commite39e6d0605421faaaec57b3deba1ac2a1805d22e (patch)
tree70e9b4a0de2bdf2b53da9038b9f13e510b974314 /lib/private/Security
parent31ae39c5690b3d69226fdd5e02b7efd72f8fb9d2 (diff)
Remove expired attempts
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/RateLimiting/Backend/IBackend.php20
-rw-r--r--lib/private/Security/RateLimiting/Backend/MemoryCache.php24
2 files changed, 32 insertions, 12 deletions
diff --git a/lib/private/Security/RateLimiting/Backend/IBackend.php b/lib/private/Security/RateLimiting/Backend/IBackend.php
index 092c0e7bb8a..9753eb4997c 100644
--- a/lib/private/Security/RateLimiting/Backend/IBackend.php
+++ b/lib/private/Security/RateLimiting/Backend/IBackend.php
@@ -32,19 +32,23 @@ interface IBackend {
/**
* Gets the amount of attempts within the last specified seconds
*
- * @param string $methodIdentifier
- * @param string $userIdentifier
- * @param int $seconds
+ * @param string $methodIdentifier Identifier for the method
+ * @param string $userIdentifier Identifier for the user
+ * @param int $seconds Seconds to look back at
* @return int
*/
- public function getAttempts($methodIdentifier, $userIdentifier, $seconds);
+ public function getAttempts($methodIdentifier,
+ $userIdentifier,
+ $seconds);
/**
* Registers an attempt
*
- * @param string $methodIdentifier
- * @param string $userIdentifier
- * @param int $timestamp
+ * @param string $methodIdentifier Identifier for the method
+ * @param string $userIdentifier Identifier for the user
+ * @param int $period Period in seconds how long this attempt should be stored
*/
- public function registerAttempt($methodIdentifier, $userIdentifier, $timestamp);
+ public function registerAttempt($methodIdentifier,
+ $userIdentifier,
+ $period);
}
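Review bot: The two new docblocks describe the same lookback window under two names, `$seconds` on getAttempts and `$period` on registerAttempt, and nothing tells an implementer that the two must be the same value for a given method identifier; in the MemoryCache backend (later in this commit) registerAttempt prunes stored attempts by `$period` before appending, so a caller that registers with a shorter period than it later counts with will under-report. I would state the coupling in the interface, e.g. on registerAttempt: `* @param int $period Period in seconds how long this attempt should be stored; callers must pass the same window to getAttempts() for the counts to be consistent`. Renaming `$seconds` to `$period` on getAttempts would make the pairing obvious, but that is a wider change than this docblock-only hunk.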
diff --git a/lib/private/Security/RateLimiting/Backend/MemoryCache.php b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
index a0c53335bcf..25595cda4a5 100644
--- a/lib/private/Security/RateLimiting/Backend/MemoryCache.php
+++ b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
@@ -52,7 +52,8 @@ class MemoryCache implements IBackend {
* @param string $userIdentifier
* @return string
*/
- private function hash($methodIdentifier, $userIdentifier) {
+ private function hash($methodIdentifier,
+ $userIdentifier) {
return hash('sha512', $methodIdentifier . $userIdentifier);
}
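Review bot: The cache key on the context line `hash('sha512', $methodIdentifier . $userIdentifier)` concatenates the two identifiers with no separator, so distinct (method, user) pairs whose concatenation is the same string share one attempt bucket; whether that can happen depends on the identifier formats the callers use, which are not visible here, but a rate limiter should not rely on it. A length-prefixed or delimited encoding removes the ambiguity, e.g. `return hash('sha512', $methodIdentifier . "\0" . $userIdentifier);`, at the cost of invalidating the entries currently in the cache. If the change is not wanted now, a comment on that line noting the assumption about identifier format would help the next reader.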
@@ -72,7 +73,9 @@ class MemoryCache implements IBackend {
/**
* {@inheritDoc}
*/
- public function getAttempts($methodIdentifier, $userIdentifier, $seconds) {
+ public function getAttempts($methodIdentifier,
+ $userIdentifier,
+ $seconds) {
$identifier = $this->hash($methodIdentifier, $userIdentifier);
$existingAttempts = $this->getExistingAttempts($identifier);
@@ -91,10 +94,23 @@ class MemoryCache implements IBackend {
/**
* {@inheritDoc}
*/
- public function registerAttempt($methodIdentifier, $userIdentifier, $timestamp) {
+ public function registerAttempt($methodIdentifier,
+ $userIdentifier,
+ $period) {
$identifier = $this->hash($methodIdentifier, $userIdentifier);
$existingAttempts = $this->getExistingAttempts($identifier);
- $existingAttempts[] = (string)$timestamp;
+ $currentTime = $this->timeFactory->getTime();
+
+ // Unset all attempts older than $period
+ foreach ($existingAttempts as $key => $attempt) {
+ if(($attempt + $period) < $currentTime) {
+ unset($existingAttempts[$key]);
+ }
+ }
+ $existingAttempts = array_values($existingAttempts);
+
+ // Store the new attempt
+ $existingAttempts[] = (string)$currentTime;
$this->cache->set($identifier, json_encode($existingAttempts));
}
}
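Review bot: The new prune-and-append sequence in registerAttempt is a non-atomic read-modify-write on the shared cache entry: getExistingAttempts() reads the list, the loop filters it, and `$this->cache->set(...)` writes it back, so two concurrent requests for the same identifier can each read the same list and the second write silently drops the first request's attempt, which makes the limiter under-count under exactly the load it is meant to throttle. If the cache backend offers an atomic primitive it should be used here; otherwise I would at least document the limitation with `// NOTE: not atomic — concurrent registerAttempt() calls for the same identifier may lose attempts` above the foreach. Two smaller points on the same lines: `$attempt + $period` relies on PHP coercing the stored `(string)` timestamp back to an int, which becomes a TypeError on a malformed cache value under strict typing, so an `(int)$attempt` cast is safer; and since `$period` is now known at write time, passing it as the cache TTL on the final `set` call (if the cache interface supports one, as I believe it does) would let the cache itself evict entries that are never touched again instead of keeping them indefinitely.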