aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php2
-rw-r--r--apps/settings/lib/Controller/UsersController.php2
-rw-r--r--build/integration/features/bootstrap/BasicStructure.php6
-rw-r--r--build/integration/features/bootstrap/FeatureContext.php7
-rw-r--r--build/integration/features/provisioning-v1.feature7
5 files changed, 22 insertions, 2 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 301ee47c0a6..69bd5548d68 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -894,7 +894,7 @@ class UsersController extends AUserDataOCSController {
*/
#[PasswordConfirmationRequired]
#[NoAdminRequired]
- #[UserRateLimit(limit: 50, period: 60)]
+ #[UserRateLimit(limit: 50, period: 600)]
public function editUser(string $userId, string $key, string $value): DataResponse {
$currentLoggedInUser = $this->userSession->getUser();
diff --git a/apps/settings/lib/Controller/UsersController.php b/apps/settings/lib/Controller/UsersController.php
index 5af16878e8e..13f1f9249bc 100644
--- a/apps/settings/lib/Controller/UsersController.php
+++ b/apps/settings/lib/Controller/UsersController.php
@@ -32,6 +32,7 @@ use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\TemplateResponse;
@@ -314,6 +315,7 @@ class UsersController extends Controller {
*/
#[NoAdminRequired]
#[PasswordConfirmationRequired]
+ #[UserRateLimit(limit: 5, period: 60)]
public function setUserSettings(?string $avatarScope = null,
?string $displayname = null,
?string $displaynameScope = null,
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index 60926e65f5c..57d18757212 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -121,7 +121,11 @@ trait BasicStructure {
* @return string
*/
public function getOCSResponse($response) {
- return simplexml_load_string($response->getBody())->meta[0]->statuscode;
+ $body = simplexml_load_string((string)$response->getBody());
+ if ($body === false) {
+ throw new \RuntimeException('Could not parse OCS response, body is not valid XML');
+ }
+ return $body->meta[0]->statuscode;
}
/**
diff --git a/build/integration/features/bootstrap/FeatureContext.php b/build/integration/features/bootstrap/FeatureContext.php
index 59f1d0068dd..c91c5e7cfa3 100644
--- a/build/integration/features/bootstrap/FeatureContext.php
+++ b/build/integration/features/bootstrap/FeatureContext.php
@@ -13,9 +13,16 @@ require __DIR__ . '/../../vendor/autoload.php';
* Features context.
*/
class FeatureContext implements Context, SnippetAcceptingContext {
+ use AppConfiguration;
use ContactsMenu;
use ExternalStorage;
use Search;
use WebDav;
use Trashbin;
+
+ protected function resetAppConfigs(): void {
+ $this->deleteServerConfig('bruteForce', 'whitelist_0');
+ $this->deleteServerConfig('bruteForce', 'whitelist_1');
+ $this->deleteServerConfig('bruteforcesettings', 'apply_allowlist_to_ratelimit');
+ }
}
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index 12498bedd7f..32dfebb5c7d 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -4,6 +4,9 @@
Feature: provisioning
Background:
Given using api version "1"
+ Given parameter "whitelist_0" of app "bruteForce" is set to "127.0.0.1"
+ Given parameter "whitelist_1" of app "bruteForce" is set to "::1"
+ Given parameter "apply_allowlist_to_ratelimit" of app "bruteforcesettings" is set to "true"
Scenario: Getting an not existing user
Given As an "admin"
@@ -604,6 +607,7 @@ Feature: provisioning
| settings |
| sharebymail |
| systemtags |
+ | testing |
| theming |
| twofactor_backupcodes |
| updatenotification |
@@ -629,6 +633,7 @@ Feature: provisioning
And the HTTP status code should be "200"
Scenario: enable an app
+ Given invoking occ with "app:disable testing"
Given As an "admin"
And app "testing" is disabled
When sending "POST" to "/cloud/apps/testing"
@@ -643,12 +648,14 @@ Feature: provisioning
And the HTTP status code should be "200"
Scenario: disable an app
+ Given invoking occ with "app:enable testing"
Given As an "admin"
And app "testing" is enabled
When sending "DELETE" to "/cloud/apps/testing"
Then the OCS status code should be "100"
And the HTTP status code should be "200"
And app "testing" is disabled
+ Given invoking occ with "app:enable testing"
Scenario: disable an user
Given As an "admin"
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-05 15:10:51 +0000