Skip to content

[13] Expired tokens should not trigger bruteforce protection #12212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MorrisJobke merged 2 commits into from
Nov 2, 2018
Merged

[13] Expired tokens should not trigger bruteforce protection #12212

MorrisJobke merged 2 commits into from
Nov 2, 2018

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented Nov 2, 2018

Backport of #12140

@rullzer
Move ExpiredTokenException to the correct namespace
04617a2 
Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer
Error out early on an expired token
40d1202 
Fixes #12131

If we hit an expired token there is no need to continue checking. Since
we know it is a token.

We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer added enhancement 3. to review Waiting for reviews labels Nov 2, 2018
@rullzer
Copy link
Member Author

rullzer commented Nov 2, 2018

Lets see what CI tells us

@MorrisJobke MorrisJobke added this to the Nextcloud 13.0.8 milestone Nov 2, 2018
@MorrisJobke
Copy link
Member

MorrisJobke commented Nov 2, 2018

Lets see what CI tells us

💚

MorrisJobke
MorrisJobke approved these changes Nov 2, 2018
View reviewed changes
Copy link
Member

@MorrisJobke MorrisJobke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code change is fine with me 👍

@rullzer
Copy link
Member Author

rullzer commented Nov 2, 2018

Nice then lets do it!

Dagefoerde
Dagefoerde approved these changes Nov 2, 2018
View reviewed changes
Copy link
Member

@Dagefoerde Dagefoerde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@MorrisJobke MorrisJobke merged commit afed9ae into stable13 Nov 2, 2018
@MorrisJobke MorrisJobke deleted the backport/12140/stable13 branch November 2, 2018 11:33
@MorrisJobke MorrisJobke mentioned this pull request Nov 13, 2018
Merged
@MorrisJobke MorrisJobke mentioned this pull request Nov 22, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@Dagefoerde Dagefoerde Dagefoerde approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

Assignees

No one assigned

Labels

3. to review Waiting for reviews enhancement

Projects

None yet

Milestone

Nextcloud 13.0.8

Development

Successfully merging this pull request may close these issues.

4 participants

@rullzer @MorrisJobke @Dagefoerde