fix(bruteforce-protection): Don't throw a 500 when MaxDelayReached is… #41937

Merged


nickvergessen
Member

… thrown

Test instructions

diff --git a/index.php b/index.php
index f9756b7b51a..bbadeb4970c 100644
--- a/index.php
+++ b/index.php
@@ -36,6 +36,7 @@ use Psr\Log\LoggerInterface;
 try {
 	require_once __DIR__ . '/lib/base.php';
 
+	throw new MaxDelayReached('Reached maximum delay');
 	OC::handleRequest();
 } catch (\OC\ServiceUnavailableException $ex) {
 	\OC::$server->get(LoggerInterface::class)->error($ex->getMessage(), [
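Review bot: the added `throw new MaxDelayReached('Reached maximum delay');` in index.php uses the unqualified class name, and the only import visible in this hunk is `use Psr\Log\LoggerInterface;`. Unless MaxDelayReached is imported elsewhere in the file, PHP resolves it in the global namespace and the test ends in a class-not-found error instead of the exception this PR is meant to handle; use the fully qualified class name in the test snippet or include the `use` line in it. The throw also makes `OC::handleRequest();` unreachable, so the instructions should say this is a local test change to revert afterwards.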
diff --git a/ocs/v1.php b/ocs/v1.php
index 55e9f426aba..cc115d0e352 100644
--- a/ocs/v1.php
+++ b/ocs/v1.php
@@ -58,6 +58,7 @@ try {
 	// side effects in existing apps
 	OC_App::loadApps();
 
+	throw new MaxDelayReached('Reached maximum delay');
 	if (!\OC::$server->getUserSession()->isLoggedIn()) {
 		OC::handleLogin(\OC::$server->getRequest());
 	}
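Review bot: in ocs/v1.php the throw sits before the `isLoggedIn()` check, so every OCS request is answered with the error, authenticated or not, and the `-u admin:admin` in the test calls is never evaluated. Say so in the instructions so the 429 is not read as a result of the credentials, and note that the line must be reverted after testing. As in index.php, the class name is unqualified and no import for MaxDelayReached is visible in this hunk, so use the fully qualified name or include the `use` line.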

Tested with:

  • Frontpage: curl -k https://nextcloud29.local/index.php/cloud/user?format=json -u admin:admin -i -H 'OCS-APIRequest: true' -H 'Accept: text/html'
  • index.php API call: curl -k https://nextcloud29.local/index.php/cloud/user?format=json -u admin:admin -i -H 'OCS-APIRequest: true'
  • OCS API call: curl -k https://nextcloud29.local/ocs/v2.php/cloud/user?format=json -u admin:admin -i -H 'OCS-APIRequest: true'

Before

$ curl -k https://nextcloud29.local/ocs/v2.php/cloud/user?format=json -u admin:admin -i -H 'OCS-APIRequest: true'
HTTP/1.1 500 Internal Server Error
…
{"ocs":{"meta":{"status":"failure","statuscode":500,"message":"Internal Server Error\nReached maximum delay"},"data":[]}}

After

$ curl -k https://nextcloud29.local/ocs/v2.php/cloud/user?format=json -u admin:admin -i -H 'OCS-APIRequest: true'
HTTP/1.1 429 Too Many Requests
…
{"ocs":{"meta":{"status":"failure","statuscode":429,"message":"Reached maximum delay"},"data":[]}}

Checklist

@nickvergessen nickvergessen added this to the Nextcloud 29 milestone Nov 30, 2023
@nickvergessen nickvergessen self-assigned this Nov 30, 2023
@nickvergessen
Member Author

/backport to stable28

@nickvergessen
Member Author

/backport to stable27

@nickvergessen
Member Author

/backport to stable26

… thrown

Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen force-pushed the bugfix/noid/dont-throw-500-when-max-delay-reached branch from 3db1a61 to e5e139f Compare November 30, 2023 14:01

4 participants