Skip to content

Commit 565d524

Browse files
Merge pull request #52971 from nextcloud/perf/noid/query-performance
2 parents cc22d74 + 1d8556e commit 565d524

1 file changed

Lines changed: 14 additions & 12 deletions

File tree

lib/private/Security/Bruteforce/Throttler.php

Lines changed: 14 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -206,25 +206,27 @@ public function sleepDelay(string $ip, string $action = ''): int {
206206
* {@inheritDoc}
207207
*/
208208
public function sleepDelayOrThrowOnMax(string $ip, string $action = ''): int {
209-
$attempts = $this->getAttempts($ip, $action, 0.5);
210-
if ($attempts > $this->config->getSystemValueInt('auth.bruteforce.max-attempts', self::MAX_ATTEMPTS)) {
211-
$this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, attempts: {attempts}, ip: {ip}]', [
212-
'action' => $action,
213-
'ip' => $ip,
214-
'attempts' => $attempts,
215-
]);
216-
// If the ip made too many attempts within the last 30 mins we don't execute anymore
217-
throw new MaxDelayReached('Reached maximum delay');
218-
}
219-
209+
$maxAttempts = $this->config->getSystemValueInt('auth.bruteforce.max-attempts', self::MAX_ATTEMPTS);
220210
$attempts = $this->getAttempts($ip, $action);
221-
if ($attempts > 10) {
211+
if ($attempts > $maxAttempts) {
212+
$attempts30mins = $this->getAttempts($ip, $action, 0.5);
213+
if ($attempts30mins > $maxAttempts) {
214+
$this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, attempts: {attempts}, ip: {ip}]', [
215+
'action' => $action,
216+
'ip' => $ip,
217+
'attempts' => $attempts30mins,
218+
]);
219+
// If the ip made too many attempts within the last 30 mins we don't execute anymore
220+
throw new MaxDelayReached('Reached maximum delay');
221+
}
222+
222223
$this->logger->info('IP address throttled because it reached the attempts limit in the last 12 hours [action: {action}, attempts: {attempts}, ip: {ip}]', [
223224
'action' => $action,
224225
'ip' => $ip,
225226
'attempts' => $attempts,
226227
]);
227228
}
229+
228230
if ($attempts > 0) {
229231
return $this->calculateDelay($attempts);
230232
}

0 commit comments

Comments
 (0)