Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a public interface for the bruteforce throttler and register for … #33081

Merged
merged 1 commit into from
Jul 28, 2022
Merged

Add a public interface for the bruteforce throttler and register for … #33081

merged 1 commit into from
Jul 28, 2022

Conversation

nickvergessen
Copy link
Member

…injection

While it is possible already to bruteforce throttle requests with a simple annotation and then calling $response->throttle():

/**
 * @BruteForceProtection(action=login)
 */
public function tryLogin(): TemplateResponse {
    // …
    $response->throttle();
    return $response;
}

Apps are currently unable to:

  • Reset the delay for an IP
  • Show the delay similarly to the login page

With the added interface this is now possible without having to use private API

@nickvergessen nickvergessen added enhancement 3. to review Waiting for reviews labels Jul 1, 2022
@nickvergessen nickvergessen added this to the Nextcloud 25 milestone Jul 1, 2022
@nickvergessen nickvergessen requested review from miaulalala, julien-nc, a team, PVince81, icewind1991 and CarlSchwan and removed request for a team July 1, 2022 09:24
@nickvergessen nickvergessen force-pushed the techdebt/noid/ocp-security-bruteforce-ithrottler branch from 0937cb4 to ffaec5d Compare July 1, 2022 09:34
@nickvergessen nickvergessen mentioned this pull request Jul 1, 2022
Closed
4 tasks
@PVince81
Copy link
Member

@nickvergessen please cleanup fixup commits then this is good to go

@PVince81 PVince81 added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jul 27, 2022
@nickvergessen
Add a public interface for the bruteforce throttler and register for …
c0f47af 
…injection

Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen force-pushed the techdebt/noid/ocp-security-bruteforce-ithrottler branch from 5009519 to c0f47af Compare July 28, 2022 08:57
@nickvergessen
Copy link
Member Author

rebased and squashed

@PVince81
Copy link
Member

jackpot, all green!

@PVince81 PVince81 merged commit 7566692 into master Jul 28, 2022
@PVince81 PVince81 deleted the techdebt/noid/ocp-security-bruteforce-ithrottler branch July 28, 2022 11:34
@skjnldsv skjnldsv mentioned this pull request Aug 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CarlSchwan CarlSchwan CarlSchwan approved these changes

@miaulalala miaulalala miaulalala approved these changes

@julien-nc julien-nc Awaiting requested review from julien-nc

@PVince81 PVince81 Awaiting requested review from PVince81

@icewind1991 icewind1991 Awaiting requested review from icewind1991

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish enhancement
Projects
None yet
Milestone
Nextcloud 25
Development

Successfully merging this pull request may close these issues.
4 participants
@nickvergessen @PVince81 @miaulalala @CarlSchwan