-rw-r--r-- | apps/files_sharing/lib/Controller/ShareAPIController.php | 3 | ||||
-rw-r--r-- | build/integration/config/behat.yml | 11 | ||||
-rw-r--r-- | build/integration/features/bootstrap/RateLimitingContext.php | 30 | ||||
-rw-r--r-- | build/integration/ratelimiting_features/ratelimiting.feature (renamed from build/integration/features/ratelimiting.feature) | 1 | ||||
-rwxr-xr-x | build/integration/run.sh | 2 |
5 files changed, 46 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 1e1d60aae25..65061a1384d 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -558,6 +558,7 @@ class ShareAPIController extends OCSController {
 * 200: Share created
 */
 #[NoAdminRequired]
+ #[UserRateLimit(limit: 20, period: 600)]
 public function createShare(
 ?string $path = null,
 ?int $permissions = null,
@@ -2150,7 +2151,7 @@ class ShareAPIController extends OCSController {
 * 200: The email notification was sent successfully
 */
 #[NoAdminRequired]
- #[UserRateLimit(limit: 5, period: 120)]
+ #[UserRateLimit(limit: 10, period: 600)]
 public function sendShareEmail(string $id, $password = ''): DataResponse {
 try {
 $share = $this->getShareById($id);
diff --git a/build/integration/config/behat.yml b/build/integration/config/behat.yml
index eec8b5b77fc..45db5105838 100644
--- a/build/integration/config/behat.yml
+++ b/build/integration/config/behat.yml
@@ -243,3 +243,14 @@ default:
 regular_user_password: 123456
 - RemoteContext:
 remote: http://localhost:8080
+
+ ratelimiting:
+ paths:
+ - "%paths.base%/../ratelimiting_features"
+ contexts:
+ - RateLimitingContext:
+ baseUrl: http://localhost:8080
+ admin:
+ - admin
+ - admin
+ regular_user_password: 123456
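Review bot: The `#[UserRateLimit(limit: 20, period: 600)]` added above `createShare` is an unexplained pair of magic numbers, and the docblock above it still lists only `200: Share created`. Because the attribute sits on the whole action, the 20-requests-per-10-minutes budget presumably covers every share type this endpoint creates, so a user adding many recipients in one sitting could be throttled; that trade-off deserves a sentence. I would add a docblock line such as `* Rate limited per user (20 requests per 600 seconds) to slow bulk share creation.` and document the throttled response next to the `200` entry. The method body lies outside the hunk, so how callers handle a throttled request cannot be checked here.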
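Review bot: Moving `sendShareEmail` from `limit: 5, period: 120` to `limit: 10, period: 600` doubles the burst a user may send at once while lowering the sustained ceiling from 150 to 60 requests per hour, and nothing at the attribute records that this is the intent. A short comment above the attribute would make the choice reviewable, for example `// Allow a burst of 10 notification mails, then cap sustained sending at 10 per 10 minutes per user`. No scenario covering the new values is visible in this commit's test changes, so a regression back to a looser limit would likely go unnoticed. The method body continues outside the hunk.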
\ No newline at end of file
diff --git a/build/integration/features/bootstrap/RateLimitingContext.php b/build/integration/features/bootstrap/RateLimitingContext.php
new file mode 100644
index 00000000000..ca198dc5514
--- /dev/null
+++ b/build/integration/features/bootstrap/RateLimitingContext.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+use Behat\Behat\Context\Context;
+
+class RateLimitingContext implements Context {
+ use BasicStructure;
+ use CommandLine;
+ use Provisioning;
+
+ /**
+ * @BeforeScenario @RateLimiting
+ */
+ public function enableRateLimiting() {
+ // Enable rate limiting for the tests.
+ // Ratelimiting is disabled by default, so we need to enable it
+ $this->runOcc(['config:system:set', 'ratelimit.protection.enabled', '--value', 'true', '--type', 'bool']);
+ }
+
+ /**
+ * @AfterScenario @RateLimiting
+ */
+ public function disableRateLimiting() {
+ // Restore the default rate limiting configuration.
+ // Ratelimiting is disabled by default, so we need to disable it
+ $this->runOcc(['config:system:set', 'ratelimit.protection.enabled', '--value', 'false', '--type', 'bool']);
+ }
+}
diff --git a/build/integration/features/ratelimiting.feature b/build/integration/ratelimiting_features/ratelimiting.feature
index a2fca2fc6be..43cfddec85d 100644
--- a/build/integration/features/ratelimiting.feature
+++ b/build/integration/ratelimiting_features/ratelimiting.feature
@@ -1,5 +1,6 @@
 # SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later
+@RateLimiting
 Feature: ratelimiting
 Background:
diff --git a/build/integration/run.sh b/build/integration/run.sh
index 4515cd459ae..cbd3cceb3d1 100755
--- a/build/integration/run.sh
+++ b/build/integration/run.sh
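Review bot: The comments in `enableRateLimiting` and `disableRateLimiting` state that rate limiting is "disabled by default", but what this commit shows is `build/integration/run.sh` switching `ratelimit.protection.enabled` off for the test run, which is a test-harness choice rather than a product default and could mislead someone reading this as guidance for a real instance. I would reword them to `// run.sh turns rate limiting off for the integration run; enable it only for @RateLimiting scenarios` and `// Put the setting back to the value run.sh configured for the rest of the suite`. As far as the hunk shows, the outcome of `runOcc` is not checked, so a failed enable call would let the tagged scenarios run with the protection still off. Both hook methods could also declare `: void`.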
@@ -20,6 +20,8 @@ INSTALLED=$($OCC status | grep installed: | cut -d " " -f 5)
 if [ "$INSTALLED" == "true" ]; then
 # Disable bruteforce protection because the integration tests do trigger them
 $OCC config:system:set auth.bruteforce.protection.enabled --value false --type bool
+ # Disable rate limit protection because the integration tests do trigger them
+ $OCC config:system:set ratelimit.protection.enabled --value false --type bool
 # Allow local remote urls otherwise we can not share
 $OCC config:system:set allow_local_remote_servers --value true --type bool
 # Allow self signed certificates |
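Review bot: The added `$OCC config:system:set ratelimit.protection.enabled --value false --type bool` leaves the protection off on whatever instance the script is pointed at, and the hunk does not show the value being restored afterwards; the `if` block continues past the end of the hunk. The comment should also say that the tagged scenarios switch it back on, for example `# Disable rate limiting for the suite; RateLimitingContext re-enables it for @RateLimiting scenarios`. If the script has a cleanup step for the bruteforce setting, this key belongs in it as well.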