People ending up brute-force protected when having a conversation open that is being deleted #8328

Open
nickvergessen opened this issue Nov 9, 2022 · 3 comments

Comments

@nickvergessen
Member

Happened today with our colleague Alba

[09/Nov/2022:13:59:26 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 33549
[09/Nov/2022:13:59:26 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 830 "-" "Mozilla/5.0" 431673
[09/Nov/2022:13:59:39 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 47989
[09/Nov/2022:13:59:40 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 868 "-" "Mozilla/5.0" 1635294
[09/Nov/2022:14:00:02 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 39757
[09/Nov/2022:14:00:03 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 868 "-" "Mozilla/5.0" 6437726
[09/Nov/2022:14:00:43 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 41701
[09/Nov/2022:14:00:44 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 868 "-" "Mozilla/5.0" 50033972

Maybe the brute-force protection can be tweaked in a way that only different room attempts or passwords end up in brute-force throttling.
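The distinction suggested in the post above (repeated 404s on one room token versus attempts on different tokens), as an added triage example that is not part of the original thread or of Nextcloud Talk's code. It runs over the eight log lines from the issue plus a constructed contrast sample; the function names, labels and threshold are assumptions, and the lines are assumed to be already filtered to one client because the log shown carries no client address.

```python
import re
from collections import Counter

# Layout of the access-log lines in the issue: [time] "METHOD path HTTP/x" status ...
LINE_RE = re.compile(r'^\[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The room token is the path segment directly after .../apps/spreed/api/v<N>/room/
ROOM_RE = re.compile(r'^/ocs/v2\.php/apps/spreed/api/v\d+/room/(?P<token>[^/?]+)')

# The eight lines reported in the issue, verbatim.
ISSUE_LINES = """\
[09/Nov/2022:13:59:26 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 33549
[09/Nov/2022:13:59:26 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 830 "-" "Mozilla/5.0" 431673
[09/Nov/2022:13:59:39 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 47989
[09/Nov/2022:13:59:40 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 868 "-" "Mozilla/5.0" 1635294
[09/Nov/2022:14:00:02 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 39757
[09/Nov/2022:14:00:03 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 868 "-" "Mozilla/5.0" 6437726
[09/Nov/2022:14:00:43 +0000] "POST /ocs/v2.php/apps/spreed/api/v4/room/ABC/participants/active HTTP/1.1" 404 929 "-" "Mozilla/5.0" 41701
[09/Nov/2022:14:00:44 +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/ABC HTTP/1.1" 404 868 "-" "Mozilla/5.0" 50033972
""".splitlines()

# Constructed contrast sample (not from the issue): six 404s on six different tokens.
CONSTRUCTED_LINES = [
    f'[09/Nov/2022:14:05:{i:02d} +0000] "GET /ocs/v2.php/apps/spreed/api/v4/room/'
    f'constructed{i} HTTP/1.1" 404 830 "-" "Mozilla/5.0" 1000'
    for i in range(6)
]

def summarize_room_404s(lines):
    """Return (total room-API 404s, number of distinct room tokens among them)."""
    per_token = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable line or not a failed lookup
        room = ROOM_RE.match(m["path"])
        if room:
            per_token[room["token"]] += 1
    return sum(per_token.values()), len(per_token)

def classify(lines, distinct_threshold=5):
    """Label one client's lines; distinct_threshold is a hypothetical tuning value."""
    total, distinct = summarize_room_404s(lines)
    if distinct >= distinct_threshold:
        return "possible-token-guessing"  # many different tokens tried
    if total > 0:
        return "stale-client"             # same token(s) retried, e.g. a deleted room
    return "clean"
```

Counting by total 404s treats both samples as comparable, while counting distinct tokens separates the open tab on a deleted conversation from a client trying many tokens.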

@vitormattos
Contributor

vitormattos commented Mar 17, 2023

I tried to reproduce this scenario by doing the following:

  • open a window of browser A
  • authenticate as admin
  • create a room X
  • add participant1 to room X

  • open a window of browser B
  • authenticate as participant1
  • join room X

  • Tail the log file of the HTTP server

  • Return to browser A window
  • delete the room X

Then I can't get the same route paths as reported in the description of this issue.
The only 404 entry that I receive is the following:

[17/Mar/2023:13:54:53 +0000] "GET /ocs/v2.php/apps/spreed/api/v3/signaling/2o8rqgsg HTTP/1.1" 404 109 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0" "-"

How can I reproduce this scenario and get the 404 error?

@nickvergessen
Member Author

Maybe the HPB is required, as we have that on our instance

@vitormattos
Contributor

I did the same with HPB and can't reproduce this log.

@nickvergessen nickvergessen added feature: frontend 🖌️ "Web UI" client and removed feature: api 🛠️ OCS API for conversations, chats and participants labels Aug 23, 2023
@nickvergessen nickvergessen removed this from the 16.0.7 milestone Oct 27, 2023