From a5ccb31e85bc4b471ac64d69551d02ae8a2e39e1 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 1 May 2017 18:31:45 +0200 Subject: Mark IP as whitelisted if brute force protection is disabled Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling. This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded. Signed-off-by: Lukas Reschke --- lib/private/Security/Bruteforce/Throttler.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php index b2524b63c63..ee02bc5a1c4 100644 --- a/lib/private/Security/Bruteforce/Throttler.php +++ b/lib/private/Security/Bruteforce/Throttler.php @@ -133,6 +133,10 @@ class Throttler { * @return bool */ private function isIPWhitelisted($ip) { + if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) { + return true; + } + $keys = $this->config->getAppKeys('bruteForce'); $keys = array_filter($keys, function($key) { $regex = '/^whitelist_/S'; -- cgit v1.2.3