Skip to content

Add bruteforce protection to the shareinfo endpoint#26945

Merged
rullzer merged 1 commit intomasterfrom
enh/shareinfo/throttle
May 12, 2021
Merged

Add bruteforce protection to the shareinfo endpoint#26945
rullzer merged 1 commit intomasterfrom
enh/shareinfo/throttle

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented May 11, 2021

Signed-off-by: Roeland Jago Douma roeland@famdouma.nl

@rullzer rullzer added enhancement 3. to review Waiting for reviews labels May 11, 2021
@rullzer rullzer added this to the Nextcloud 22 milestone May 11, 2021
@rullzer
Copy link
Member Author

rullzer commented May 11, 2021

/backport to stable21

@rullzer
Copy link
Member Author

rullzer commented May 11, 2021

/backport to stable20

@rullzer
Copy link
Member Author

rullzer commented May 11, 2021

/backport to stable19

@juliusknorr
Copy link
Member

juliusknorr commented May 12, 2021

Tests need adjustments:


There were 3 failures:

1) OCA\Files_Sharing\Tests\Controller\ShareInfoControllerTest::testNoShare
Failed asserting that two objects are equal.
--- Expected
+++ Actual
@@ @@
     'ETag' => null
     'contentSecurityPolicy' => null
     'featurePolicy' => null
-    'throttled' => false
+    'throttled' => true
     'throttleMetadata' => Array (
+        'token' => 'token'
     )
 )

/drone/src/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php:69

2) OCA\Files_Sharing\Tests\Controller\ShareInfoControllerTest::testWrongPassword
Failed asserting that two objects are equal.
--- Expected
+++ Actual
@@ @@
     'ETag' => null
     'contentSecurityPolicy' => null
     'featurePolicy' => null
-    'throttled' => false
+    'throttled' => true
     'throttleMetadata' => Array (
+        'token' => 'token'
     )
 )

/drone/src/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php:85

3) OCA\Files_Sharing\Tests\Controller\ShareInfoControllerTest::testNoReadPermissions
Failed asserting that two objects are equal.
--- Expected
+++ Actual
@@ @@
     'ETag' => null
     'contentSecurityPolicy' => null
     'featurePolicy' => null
-    'throttled' => false
+    'throttled' => true
     'throttleMetadata' => Array (
+        'token' => 'token'
     )
 )

/drone/src/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php:103

@rullzer rullzer force-pushed the enh/shareinfo/throttle branch from da8b5e3 to 7012945 Compare May 12, 2021 07:34
@rullzer
Add bruteforce protection to the shareinfo endpoint
7012945 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer merged commit 024ed97 into master May 12, 2021
@rullzer rullzer deleted the enh/shareinfo/throttle branch May 12, 2021 08:07
This was referenced May 12, 2021
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@LukasReschke LukasReschke LukasReschke approved these changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees

No one assigned

Labels

3. to review Waiting for reviews enhancement

Projects

None yet

Milestone

Nextcloud 22

Development

Successfully merging this pull request may close these issues.

4 participants

@rullzer @juliusknorr @nickvergessen @LukasReschke