Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reset bruteforce attempt table on successful login #7263

Merged
merged 1 commit into from
Nov 24, 2017
Merged

Reset bruteforce attempt table on successful login #7263

merged 1 commit into from
Nov 24, 2017

Conversation

MorrisJobke
Copy link
Member

Relaxes a lot the situation for people that went into the brute force trap (like in #3058 or #7228)

@MorrisJobke MorrisJobke added this to the Nextcloud 13 milestone Nov 23, 2017
@MorrisJobke MorrisJobke mentioned this pull request Nov 23, 2017
Closed
@MorrisJobke MorrisJobke mentioned this pull request Nov 23, 2017
Closed
LukasReschke
LukasReschke previously requested changes Nov 23, 2017
View reviewed changes
Copy link
Member

@LukasReschke LukasReschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests are failing now. Code looks good otherwise :)

@skjnldsv
Copy link
Member

Hum, is this related to this pr?
inet_pton(): Unrecognized address

@nickvergessen
Copy link
Member

yes

@MorrisJobke
Reset bruteforce attempt table on successful login
5a270c2 
* only clear the entries that come from the same subnet, same action and same metadata

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
@MorrisJobke MorrisJobke force-pushed the clean-bruteforce-attempt-on-success branch from 0d6a08e to 5a270c2 Compare November 24, 2017 13:59
@codecov
Copy link

codecov bot commented Nov 24, 2017
edited
Loading

Codecov Report

Merging #7263 into master will decrease coverage by <.01%.
The diff coverage is 9.52%.

@@             Coverage Diff              @@
##             master    #7263      +/-   ##
============================================
- Coverage     50.86%   50.85%   -0.01%     
- Complexity    24550    24553       +3     
============================================
  Files          1585     1585              
  Lines         93811    93830      +19     
  Branches       1354     1354              
============================================
+ Hits          47716    47717       +1     
- Misses        46095    46113      +18
Impacted Files Coverage Δ Complexity Δ
lib/private/Security/Bruteforce/Throttler.php 38.13% <0%> (-5.14%) 27 <2> (+2)
lib/base.php 3.12% <28.57%> (+0.16%) 167 <7> (+1) ⬆️

@LukasReschke LukasReschke merged commit ee4262f into master Nov 24, 2017
@LukasReschke LukasReschke deleted the clean-bruteforce-attempt-on-success branch November 24, 2017 14:53
@LukasReschke
Copy link
Member

🐘

@AussieCodeKing71
Copy link

From what I can see here it looks like this is planned for NC13. Will this change be rolled out in NC12 (and maybe other versions) too?

@MorrisJobke
Copy link
Member Author

From what I can see here it looks like this is planned for NC13. Will this change be rolled out in NC12 (and maybe other versions) too?

As of now that backport to 12 is not planned, but maybe we should backport this.

@karlitschek @rullzer @blizzz @LukasReschke Opinions on that one?

@karlitschek
Copy link
Member

Should be low risk of breaking things. So I would vote for a backport

@blizzz blizzz mentioned this pull request Dec 16, 2017
Closed
@MorrisJobke MorrisJobke mentioned this pull request Feb 15, 2018
Closed
@MorrisJobke MorrisJobke mentioned this pull request Apr 11, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skjnldsv skjnldsv skjnldsv approved these changes

@LukasReschke LukasReschke LukasReschke approved these changes

@rullzer rullzer Awaiting requested review from rullzer

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@blizzz blizzz Awaiting requested review from blizzz

Assignees
No one assigned
Labels
3. to review Waiting for reviews enhancement security
Projects
None yet
Milestone
Nextcloud 13
Development

Successfully merging this pull request may close these issues.

Clear bruteforce protection from user upon successful login
6 participants
@MorrisJobke @skjnldsv @nickvergessen @LukasReschke @AussieCodeKing71 @karlitschek