1 files changed, 6 insertions, 3 deletions

diff --git a/apps/dav/lib/Connector/Sabre/PublicAuth.php b/apps/dav/lib/Connector/Sabre/PublicAuth.php
index ea59d9efc8f..b5d9ce3db72 100644
--- a/apps/dav/lib/Connector/Sabre/PublicAuth.php
+++ b/apps/dav/lib/Connector/Sabre/PublicAuth.php
@@ -15,6 +15,7 @@ use OCP\Defaults;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\Security\Bruteforce\IThrottler;
+use OCP\Security\Bruteforce\MaxDelayReached;
 use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager;
 use OCP\Share\IShare;
@@ -56,6 +57,7 @@ class PublicAuth extends AbstractBasic {
 	 *
 	 * @return array
 	 * @throws NotAuthenticated
+	 * @throws MaxDelayReached
 	 * @throws ServiceUnavailable
 	 */
 	public function check(RequestInterface $request, ResponseInterface $response): array {
@@ -75,7 +77,8 @@ class PublicAuth extends AbstractBasic {
 			}
 
 			return $this->checkToken();
-		} catch (NotAuthenticated $e) {
+		} catch (NotAuthenticated|MaxDelayReached $e) {
+			$this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress());
 			throw $e;
 		} catch (\Exception $e) {
 			$class = get_class($e);
@@ -94,7 +97,7 @@ class PublicAuth extends AbstractBasic {
 		$path = $this->request->getPathInfo() ?: '';
 		// ['', 'dav', 'files', 'token']
 		$splittedPath = explode('/', $path);
-		
+
 		if (count($splittedPath) < 4 || $splittedPath[3] === '') {
 			throw new NotFound();
 		}
@@ -176,7 +179,7 @@ class PublicAuth extends AbstractBasic {
 					}
 					return true;
 				}
-				
+
 				if ($this->session->exists(PublicAuth::DAV_AUTHENTICATED)
 					&& $this->session->get(PublicAuth::DAV_AUTHENTICATED) === $share->getId()) {
 					return true;