Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expired tokens should not trigger bruteforce protection #12140

Merged
merged 2 commits into from
Oct 30, 2018
Merged

Expired tokens should not trigger bruteforce protection #12140

merged 2 commits into from
Oct 30, 2018

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Oct 30, 2018
edited
Loading

The first commit is a cleanup one since apparently the Exception was in the wrong namespace 🙈

Second commit is the actual fix.

Fixes #12131

@rullzer rullzer added this to the Nextcloud 15 milestone Oct 30, 2018
ChristophWurst
ChristophWurst approved these changes Oct 30, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense!

Dagefoerde
Dagefoerde approved these changes Oct 30, 2018
View reviewed changes
Copy link
Member

@Dagefoerde Dagefoerde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐘

@MorrisJobke MorrisJobke added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Oct 30, 2018
MorrisJobke
MorrisJobke approved these changes Oct 30, 2018
View reviewed changes
Copy link
Member

@MorrisJobke MorrisJobke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code makes sense 👍

@rullzer
Move ExpiredTokenException to the correct namespace
674930d 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Error out early on an expired token
2223d19 
Fixes #12131

If we hit an expired token there is no need to continue checking. Since
we know it is a token.

We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer merged commit a51c837 into master Oct 30, 2018
@rullzer rullzer deleted the fix/expired_token_throttler branch October 30, 2018 19:17
@Dagefoerde Dagefoerde mentioned this pull request Oct 31, 2018
Merged
@rullzer rullzer mentioned this pull request Nov 2, 2018
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Nov 29, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@Dagefoerde Dagefoerde Dagefoerde approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish enhancement
Projects
None yet
Milestone
Nextcloud 15
Development

Successfully merging this pull request may close these issues.

Expired tokens should not trigger bruteforce protection
4 participants
@rullzer @MorrisJobke @Dagefoerde @ChristophWurst