dont get bruteforce delay twice

2 files changed, 5 insertions, 3 deletions

diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 11a343918c6..031c5ffd411 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -225,8 +225,11 @@ class Throttler {
 	 * Will sleep for the defined amount of time
 	 *
 	 * @param string $ip
+	 * @return int the time spent sleeping
 	 */
 	public function sleepDelay($ip) {
-		usleep($this->getDelay($ip) * 1000);
+		$delay = $this->getDelay($ip);
+		usleep($delay * 1000);
+		return $delay;
 	}
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 3b357b69bcf..dec959820f8 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -309,8 +309,7 @@ class Session implements IUserSession, Emitter {
 								$password,
 								IRequest $request,
 								OC\Security\Bruteforce\Throttler $throttler) {
-		$currentDelay = $throttler->getDelay($request->getRemoteAddress());
-		$throttler->sleepDelay($request->getRemoteAddress());
+		$currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
 
 		$isTokenPassword = $this->isTokenPassword($password);
 		if (!$isTokenPassword && $this->isTokenAuthEnforced()) {