From 6c93fe08f53bff474921d150edabb27ca630edd7 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Fri, 26 Aug 2016 15:10:03 +0200
Subject: dont get bruteforce delay twice

---
 lib/private/Security/Bruteforce/Throttler.php | 5 ++++-
 lib/private/User/Session.php                  | 3 +--
 2 files changed, 5 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 11a343918c6..031c5ffd411 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -225,8 +225,11 @@ class Throttler {
 	 * Will sleep for the defined amount of time
 	 *
 	 * @param string $ip
+	 * @return int the time spent sleeping
 	 */
 	public function sleepDelay($ip) {
-		usleep($this->getDelay($ip) * 1000);
+		$delay = $this->getDelay($ip);
+		usleep($delay * 1000);
+		return $delay;
 	}
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 3b357b69bcf..dec959820f8 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -309,8 +309,7 @@ class Session implements IUserSession, Emitter {
 								$password,
 								IRequest $request,
 								OC\Security\Bruteforce\Throttler $throttler) {
-		$currentDelay = $throttler->getDelay($request->getRemoteAddress());
-		$throttler->sleepDelay($request->getRemoteAddress());
+		$currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
 
 		$isTokenPassword = $this->isTokenPassword($password);
 		if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
-- 
cgit v1.2.3