summaryrefslogtreecommitdiffstats
path: root/lib/private/User
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Session.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 79bd7c22848..8d12982dd1a 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -310,6 +310,7 @@ class Session implements IUserSession, Emitter {
$password,
IRequest $request,
OC\Security\Bruteforce\Throttler $throttler) {
+ $currentDelay = $throttler->getDelay($request->getRemoteAddress());
$throttler->sleepDelay($request->getRemoteAddress());
$isTokenPassword = $this->isTokenPassword($password);
@@ -326,6 +327,9 @@ class Session implements IUserSession, Emitter {
}
$throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
+ if($currentDelay === 0) {
+ $throttler->sleepDelay($request->getRemoteAddress());
+ }
return false;
}
@@ -405,7 +409,6 @@ class Session implements IUserSession, Emitter {
public function tryBasicAuthLogin(IRequest $request,
OC\Security\Bruteforce\Throttler $throttler) {
if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
- $throttler->sleepDelay(\OC::$server->getRequest()->getRemoteAddress());
try {
if ($this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request, $throttler)) {
/**
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 23:07:04 +0000