Skip to content

Reset bruteforce attempt table on successful login#7263

Merged
LukasReschke merged 1 commit into
masterfrom
clean-bruteforce-attempt-on-success
Nov 24, 2017
Merged

Reset bruteforce attempt table on successful login#7263
LukasReschke merged 1 commit into
masterfrom
clean-bruteforce-attempt-on-success

Conversation

@MorrisJobke

Copy link
Copy Markdown
Member

Relaxes a lot the situation for people that went into the brute force trap (like in #3058 or #7228)

@LukasReschke LukasReschke left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests are failing now. Code looks good otherwise :)

@skjnldsv

Copy link
Copy Markdown
Member

Hum, is this related to this pr?
inet_pton(): Unrecognized address

@nickvergessen

Copy link
Copy Markdown
Member

yes

* only clear the entries that come from the same subnet, same action and same metadata

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
@MorrisJobke MorrisJobke force-pushed the clean-bruteforce-attempt-on-success branch from 0d6a08e to 5a270c2 Compare November 24, 2017 13:59
@codecov

codecov Bot commented Nov 24, 2017

Copy link
Copy Markdown

Codecov Report

Merging #7263 into master will decrease coverage by <.01%.
The diff coverage is 9.52%.

@@             Coverage Diff              @@
##             master    #7263      +/-   ##
============================================
- Coverage     50.86%   50.85%   -0.01%     
- Complexity    24550    24553       +3     
============================================
  Files          1585     1585              
  Lines         93811    93830      +19     
  Branches       1354     1354              
============================================
+ Hits          47716    47717       +1     
- Misses        46095    46113      +18
Impacted Files Coverage Δ Complexity Δ
lib/private/Security/Bruteforce/Throttler.php 38.13% <0%> (-5.14%) 27 <2> (+2)
lib/base.php 3.12% <28.57%> (+0.16%) 167 <7> (+1) ⬆️

@LukasReschke LukasReschke merged commit ee4262f into master Nov 24, 2017
@LukasReschke LukasReschke deleted the clean-bruteforce-attempt-on-success branch November 24, 2017 14:53
@LukasReschke

Copy link
Copy Markdown
Member

🐘

@AussieCodeKing71

Copy link
Copy Markdown

From what I can see here it looks like this is planned for NC13. Will this change be rolled out in NC12 (and maybe other versions) too?

@MorrisJobke

Copy link
Copy Markdown
Member Author

From what I can see here it looks like this is planned for NC13. Will this change be rolled out in NC12 (and maybe other versions) too?

As of now that backport to 12 is not planned, but maybe we should backport this.

@karlitschek @rullzer @blizzz @LukasReschke Opinions on that one?

@karlitschek

Copy link
Copy Markdown
Member

Should be low risk of breaking things. So I would vote for a backport

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Clear bruteforce protection from user upon successful login

6 participants