From 6c93fe08f53bff474921d150edabb27ca630edd7 Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Fri, 26 Aug 2016 15:10:03 +0200
Subject: [PATCH] dont get bruteforce delay twice
---
 lib/private/Security/Bruteforce/Throttler.php | 5 ++++-
 lib/private/User/Session.php | 3 +--
 tests/lib/User/SessionTest.php | 12 ++++++------
 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 11a343918c..031c5ffd41 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -225,8 +225,11 @@ class Throttler {
 * Will sleep for the defined amount of time
 *
 * @param string $ip
+ * @return int the time spent sleeping
 */
 public function sleepDelay($ip) {
- usleep($this->getDelay($ip) * 1000);
+ $delay = $this->getDelay($ip);
+ usleep($delay * 1000);
+ return $delay;
 }
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 3b357b69bc..dec959820f 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -309,8 +309,7 @@ class Session implements IUserSession, Emitter {
 $password,
 IRequest $request,
 OC\Security\Bruteforce\Throttler $throttler) {
- $currentDelay = $throttler->getDelay($request->getRemoteAddress());
- $throttler->sleepDelay($request->getRemoteAddress());
+ $currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
 $isTokenPassword = $this->isTokenPassword($password);
 if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 379c7e3944..4b8067117b 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
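Review bot: The added `@return int the time spent sleeping` line in the `sleepDelay()` docblock does not say which unit the value is in. The body passes `$delay * 1000` to `usleep()`, which takes microseconds, so the returned value is in milliseconds, and a caller that compares or logs it needs to know that. Something like `@return int the delay that was applied, in milliseconds` would pin the contract. The docblock opens above the hunk, so the rest of it is not visible here.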
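Review bot: The new assignment `$currentDelay = $throttler->sleepDelay($request->getRemoteAddress());` carries no comment saying that the value is now the delay actually enforced on this request rather than a separate lookup. With the two removed calls the throttler was queried twice, and the two results could presumably differ if another failed attempt from the same address was recorded in between. A one-line comment such as `// throttle first and keep the delay that was really applied to this request` would make the intent explicit. How `$currentDelay` is used lies below the hunk, and the method signature starts above it.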
@@ -371,7 +371,7 @@ class SessionTest extends \Test\TestCase {
 ->with('token_auth_enforced', false)
 ->will($this->returnValue(true));
 $request
- ->expects($this->exactly(2))
+ ->expects($this->any())
 ->method('getRemoteAddress')
 ->willReturn('192.168.0.1');
 $this->throttler
@@ -379,7 +379,7 @@ class SessionTest extends \Test\TestCase {
 ->method('sleepDelay')
 ->with('192.168.0.1');
 $this->throttler
- ->expects($this->once())
+ ->expects($this->any())
 ->method('getDelay')
 ->with('192.168.0.1')
 ->willReturn(0);
@@ -412,7 +412,7 @@ class SessionTest extends \Test\TestCase {
 ->method('set')
 ->with('app_password', 'I-AM-AN-APP-PASSWORD');
 $request
- ->expects($this->exactly(2))
+ ->expects($this->any())
 ->method('getRemoteAddress')
 ->willReturn('192.168.0.1');
 $this->throttler
@@ -420,7 +420,7 @@ class SessionTest extends \Test\TestCase {
 ->method('sleepDelay')
 ->with('192.168.0.1');
 $this->throttler
- ->expects($this->once())
+ ->expects($this->any())
 ->method('getDelay')
 ->with('192.168.0.1')
 ->willReturn(0);
@@ -459,7 +459,7 @@ class SessionTest extends \Test\TestCase {
 ->will($this->returnValue(true));
 $request
- ->expects($this->exactly(2))
+ ->expects($this->any())
 ->method('getRemoteAddress')
 ->willReturn('192.168.0.1');
 $this->throttler
@@ -467,7 +467,7 @@ class SessionTest extends \Test\TestCase {
 ->method('sleepDelay')
 ->with('192.168.0.1');
 $this->throttler
- ->expects($this->once())
+ ->expects($this->any())
 ->method('getDelay')
 ->with('192.168.0.1')
 ->willReturn(0);
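Review bot: The relaxed expectations in the three `getDelay` hunks (`-379`, `-420`, `-467`) no longer pin the behaviour this commit is about, because `->expects($this->any())` passes whether `Session` calls `getDelay()` zero, one or many times. The throttler is a mock and the new `Session` line only calls `sleepDelay()`, so `->expects($this->never())` on `getDelay` would catch a regression to the double lookup. The `sleepDelay` expectation visible in the same hunks ends at `->with('192.168.0.1');` with no return value, so the mock presumably hands back null where the real method now returns an int; adding `->willReturn(0)` there would keep the tests aligned with the new contract. The `getRemoteAddress` hunks (`-371`, `-412`, `-459`) could likewise use `$this->once()` rather than `any()`, assuming nothing outside the hunks reads the address again.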