diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-05-01 18:31:45 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2017-05-01 18:31:45 +0200 |
| commit | a5ccb31e85bc4b471ac64d69551d02ae8a2e39e1 (patch) | |
| tree | f184dd1b84f9cfc93e30ad43cb5feab0ab18c3f0 /lib/private/Security | |
| parent | a2f6fea4081e7920ed6cd33a96e2b80dc0c51303 (diff) | |
| download | nextcloud-server-a5ccb31e85bc4b471ac64d69551d02ae8a2e39e1.tar.gz nextcloud-server-a5ccb31e85bc4b471ac64d69551d02ae8a2e39e1.zip | |
Mark IP as whitelisted if brute force protection is disabled
Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling.
This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/Security')
| -rw-r--r-- | lib/private/Security/Bruteforce/Throttler.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php index b2524b63c63..ee02bc5a1c4 100644 --- a/lib/private/Security/Bruteforce/Throttler.php +++ b/lib/private/Security/Bruteforce/Throttler.php @@ -133,6 +133,10 @@ class Throttler { * @return bool */ private function isIPWhitelisted($ip) { + if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) { + return true; + } + $keys = $this->config->getAppKeys('bruteForce'); $keys = array_filter($keys, function($key) { $regex = '/^whitelist_/S'; |