mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make the throttling O(2^n) instead of O(n^n) 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-03-19 13:31:07 +01:00
parent 64539a6ee1
commit 6f751d01db
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/private/Security/Bruteforce/Throttler.php
View File

@ -53,6 +53,7 @@ use OCP\Security\Bruteforce\MaxDelayReached;
class Throttler {
public const LOGIN_ACTION = 'login';
public const MAX_DELAY = 25;
public const MAX_ATTEMPTS = 10;
/** @var IDBConnection */
private $db;
@ -260,18 +261,17 @@ class Throttler {
return 0;
}
$maxDelay = self::MAX_DELAY;
$firstDelay = 0.1;
if ($attempts > (8 * PHP_INT_SIZE - 1)) {
if ($attempts > self::MAX_ATTEMPTS) {
// Don't ever overflow. Just assume the maxDelay time:s
$firstDelay = $maxDelay;
} else {
$firstDelay *= pow(2, $attempts);
if ($firstDelay > $maxDelay) {
$firstDelay = $maxDelay;
}
return self::MAX_DELAY;
}
return (int) \ceil($firstDelay * 1000);
$delay = $firstDelay * 2**$attempts;
if ($delay > self::MAX_DELAY) {
return self::MAX_DELAY;
}
return (int) \ceil($delay * 1000);
}
/**