diff options
| author | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-12-06 11:20:58 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-12-06 11:20:58 +0100 |
| commit | 9f0c1131359099f21d57a13d62a348eaec1e2ef8 (patch) | |
| tree | 4bc11ed9ed00590aa3dc2c077f13727d78d67ba8 /lib | |
| parent | 9684c3d2d3522ccff33b18795722bf1be79e88a0 (diff) | |
| parent | 1fd19685f1e39a19b8cb6129a96ab43ec717e01b (diff) | |
| download | nextcloud-server-9f0c1131359099f21d57a13d62a348eaec1e2ef8.tar.gz nextcloud-server-9f0c1131359099f21d57a13d62a348eaec1e2ef8.zip | |
Merge pull request #49599 from nextcloud/feat/bruteforce-max-attempts
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Security/Bruteforce/Throttler.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php index 596fcf408fa..924ae3685f3 100644 --- a/lib/private/Security/Bruteforce/Throttler.php +++ b/lib/private/Security/Bruteforce/Throttler.php @@ -195,7 +195,7 @@ class Throttler implements IThrottler { } $firstDelay = 0.1; - if ($attempts > self::MAX_ATTEMPTS) { + if ($attempts > $this->config->getSystemValueInt('auth.bruteforce.max-attempts', self::MAX_ATTEMPTS)) { // Don't ever overflow. Just assume the maxDelay time:s return self::MAX_DELAY_MS; } @@ -263,7 +263,7 @@ class Throttler implements IThrottler { */ public function sleepDelayOrThrowOnMax(string $ip, string $action = ''): int { $delay = $this->getDelay($ip, $action); - if (($delay === self::MAX_DELAY_MS) && $this->getAttempts($ip, $action, 0.5) > self::MAX_ATTEMPTS) { + if (($delay === self::MAX_DELAY_MS) && $this->getAttempts($ip, $action, 0.5) > $this->config->getSystemValueInt('auth.bruteforce.max-attempts', self::MAX_ATTEMPTS)) { $this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, ip: {ip}]', [ 'action' => $action, 'ip' => $ip, |