upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-10 17:23:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 57

Merge pull request #52815 from nextcloud/backport/52798/stable31

Browse source 
[stable31] fix: log requests exceeding the rate limiting
This commit is contained in:
Daniel 2025-05-17 15:49:52 +02:00 committed by GitHub
commit 41a414d230
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/private/Security/RateLimiting/Limiter.php
View file

@ -13,10 +13,12 @@ use OC\Security\RateLimiting\Backend\IBackend;
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OCP\IUser;
use OCP\Security\RateLimiting\ILimiter;
use Psr\Log\LoggerInterface;
class Limiter implements ILimiter {
public function __construct(
private IBackend $backend,
private LoggerInterface $logger,
) {
}
@ -32,6 +34,11 @@ class Limiter implements ILimiter {
): void {
$existingAttempts = $this->backend->getAttempts($methodIdentifier, $userIdentifier);
if ($existingAttempts >= $limit) {
$this->logger->info('Request blocked because it exceeds the rate limit [method: {method}, limit: {limit}, period: {period}]', [
'method' => $methodIdentifier,
'limit' => $limit,
'period' => $period,
]);
throw new RateLimitExceededException();
}

23
tests/lib/Security/RateLimiting/LimiterTest.php
View file

@ -12,21 +12,26 @@ namespace Test\Security\RateLimiting;
use OC\Security\RateLimiting\Backend\IBackend;
use OC\Security\RateLimiting\Limiter;
use OCP\IUser;
use OCP\Security\RateLimiting\ILimiter;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Log\LoggerInterface;
use Test\TestCase;
class LimiterTest extends TestCase {
/** @var IBackend|\PHPUnit\Framework\MockObject\MockObject */
private $backend;
/** @var Limiter */
private $limiter;
private IBackend&MockObject $backend;
private ILimiter $limiter;
private LoggerInterface $logger;
protected function setUp(): void {
parent::setUp();
$this->backend = $this->createMock(IBackend::class);
$this->logger = $this->createMock(LoggerInterface::class);
$this->limiter = new Limiter(
$this->backend
$this->backend,
$this->logger,
);
}
@ -43,6 +48,8 @@ class LimiterTest extends TestCase {
'4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47'
)
->willReturn(101);
$this->logger->expects($this->once())
->method('info');
$this->limiter->registerAnonRequest('MyIdentifier', 100, 100, '127.0.0.1');
}
@ -64,6 +71,8 @@ class LimiterTest extends TestCase {
'4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47',
100
);
$this->logger->expects($this->never())
->method('info');
$this->limiter->registerAnonRequest('MyIdentifier', 100, 100, '127.0.0.1');
}
@ -87,6 +96,8 @@ class LimiterTest extends TestCase {
'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805'
)
->willReturn(101);
$this->logger->expects($this->once())
->method('info');
$this->limiter->registerUserRequest('MyIdentifier', 100, 100, $user);
}
@ -115,6 +126,8 @@ class LimiterTest extends TestCase {
'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805',
100
);
$this->logger->expects($this->never())
->method('info');
$this->limiter->registerUserRequest('MyIdentifier', 100, 100, $user);
}