summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2023-08-16 17:40:38 +0200
committerJoas Schilling <coding@schilljs.com>2023-08-23 06:44:08 +0200
commit759fc11f39839801e75a46ea619508b587448727 (patch)
tree6299c12f21407af5ac9a043130a397c154bab240 /lib
parentb5dbb4d9f2f0c3b8ccfa16704cdcb7abf231d56e (diff)
downloadnextcloud-server-759fc11f39839801e75a46ea619508b587448727.tar.gz
nextcloud-server-759fc11f39839801e75a46ea619508b587448727.zip
fix: Make bypass function public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Security/Bruteforce/Capabilities.php5
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php10
-rw-r--r--lib/public/Security/Bruteforce/IThrottler.php10
3 files changed, 18 insertions, 7 deletions
diff --git a/lib/private/Security/Bruteforce/Capabilities.php b/lib/private/Security/Bruteforce/Capabilities.php
index 4eada3d05f5..b50eea0b7af 100644
--- a/lib/private/Security/Bruteforce/Capabilities.php
+++ b/lib/private/Security/Bruteforce/Capabilities.php
@@ -32,11 +32,12 @@ namespace OC\Security\Bruteforce;
use OCP\Capabilities\IPublicCapability;
use OCP\Capabilities\IInitialStateExcludedCapability;
use OCP\IRequest;
+use OCP\Security\Bruteforce\IThrottler;
class Capabilities implements IPublicCapability, IInitialStateExcludedCapability {
public function __construct(
private IRequest $request,
- private Throttler $throttler,
+ private IThrottler $throttler,
) {
}
@@ -47,7 +48,7 @@ class Capabilities implements IPublicCapability, IInitialStateExcludedCapability
return [
'bruteforce' => [
'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()),
- 'allow-listed' => $this->throttler->isIPWhitelisted($this->request->getRemoteAddress()),
+ 'allow-listed' => $this->throttler->isBypassListed($this->request->getRemoteAddress()),
],
];
}
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index ce70d091f7c..a0cc5ae4ecb 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -80,7 +80,7 @@ class Throttler implements IThrottler {
}
$ipAddress = new IpAddress($ip);
- if ($this->isIPWhitelisted((string)$ipAddress)) {
+ if ($this->isBypassListed((string)$ipAddress)) {
return;
}
@@ -110,7 +110,7 @@ class Throttler implements IThrottler {
* @param string $ip
* @return bool
*/
- public function isIPWhitelisted(string $ip): bool {
+ public function isBypassListed(string $ip): bool {
if (isset($this->ipIsWhitelisted[$ip])) {
return $this->ipIsWhitelisted[$ip];
}
@@ -200,7 +200,7 @@ class Throttler implements IThrottler {
}
$ipAddress = new IpAddress($ip);
- if ($this->isIPWhitelisted((string)$ipAddress)) {
+ if ($this->isBypassListed((string)$ipAddress)) {
return 0;
}
@@ -245,7 +245,7 @@ class Throttler implements IThrottler {
}
$ipAddress = new IpAddress($ip);
- if ($this->isIPWhitelisted((string)$ipAddress)) {
+ if ($this->isBypassListed((string)$ipAddress)) {
return;
}
@@ -268,7 +268,7 @@ class Throttler implements IThrottler {
}
$ipAddress = new IpAddress($ip);
- if ($this->isIPWhitelisted((string)$ipAddress)) {
+ if ($this->isBypassListed((string)$ipAddress)) {
return;
}
diff --git a/lib/public/Security/Bruteforce/IThrottler.php b/lib/public/Security/Bruteforce/IThrottler.php
index 03c8c56a23c..620a53fd354 100644
--- a/lib/public/Security/Bruteforce/IThrottler.php
+++ b/lib/public/Security/Bruteforce/IThrottler.php
@@ -66,6 +66,16 @@ interface IThrottler {
*/
public function registerAttempt(string $action, string $ip, array $metadata = []): void;
+
+ /**
+ * Check if the IP is allowed to bypass the brute force protection
+ *
+ * @param string $ip
+ * @return bool
+ * @since 28.0.0
+ */
+ public function isBypassListed(string $ip): bool;
+
/**
* Get the throttling delay (in milliseconds)
*