Merge pull request #50905 from nextcloud/fix/rate-limit-share-creation

2026-02-19 02:38:40 -05:00 · 2025-04-15 10:57:50 +02:00 · 2025-04-15 10:57:50 +02:00 · fbb77270c2
commit fbb77270c2
parent b2a187d296 50dcbdeec6
5 changed files with 46 additions and 1 deletions
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@ -558,6 +558,7 @@ class ShareAPIController extends OCSController {
 	 * 200: Share created
 	 */
 	#[NoAdminRequired]
+	#[UserRateLimit(limit: 20, period: 600)]
 	public function createShare(
 		?string $path = null,
 		?int $permissions = null,
@ -2150,7 +2151,7 @@ class ShareAPIController extends OCSController {
 	 * 200: The email notification was sent successfully
 	 */
 	#[NoAdminRequired]
-	#[UserRateLimit(limit: 5, period: 120)]
+	#[UserRateLimit(limit: 10, period: 600)]
 	public function sendShareEmail(string $id, $password = ''): DataResponse {
 		try {
 			$share = $this->getShareById($id);
--- a/build/integration/config/behat.yml
+++ b/build/integration/config/behat.yml
@ -243,3 +243,14 @@ default:
            regular_user_password: 123456
        - RemoteContext:
            remote: http://localhost:8080
+
+    ratelimiting:
+      paths:
+        - "%paths.base%/../ratelimiting_features"
+      contexts:
+        - RateLimitingContext:
+            baseUrl: http://localhost:8080
+            admin:
+              - admin
+              - admin
+            regular_user_password: 123456
--- a/build/integration/features/bootstrap/RateLimitingContext.php
+++ b/build/integration/features/bootstrap/RateLimitingContext.php
@ -0,0 +1,30 @@
+<?php
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+use Behat\Behat\Context\Context;
+
+class RateLimitingContext implements Context {
+	use BasicStructure;
+	use CommandLine;
+	use Provisioning;
+
+	/**
+	 * @BeforeScenario @RateLimiting
+	 */
+	public function enableRateLimiting() {
+		// Enable rate limiting for the tests.
+		// Ratelimiting is disabled by default, so we need to enable it
+		$this->runOcc(['config:system:set', 'ratelimit.protection.enabled', '--value', 'true', '--type', 'bool']);
+	}
+
+	/**
+	 * @AfterScenario @RateLimiting
+	 */
+	public function disableRateLimiting() {
+		// Restore the default rate limiting configuration.
+		// Ratelimiting is disabled by default, so we need to disable it
+		$this->runOcc(['config:system:set', 'ratelimit.protection.enabled', '--value', 'false', '--type', 'bool']);
+	}
+}
--- a/build/integration/ratelimiting_features/ratelimiting.feature
+++ b/build/integration/ratelimiting_features/ratelimiting.feature
@ -1,5 +1,6 @@
 # SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later
+@RateLimiting
 Feature: ratelimiting

  Background:
--- a/build/integration/run.sh
+++ b/build/integration/run.sh
@ -20,6 +20,8 @@ INSTALLED=$($OCC status | grep installed: | cut -d " " -f 5)
 if [ "$INSTALLED" == "true" ]; then
    # Disable bruteforce protection because the integration tests do trigger them
    $OCC config:system:set auth.bruteforce.protection.enabled --value false --type bool
+    # Disable rate limit protection because the integration tests do trigger them
+    $OCC config:system:set ratelimit.protection.enabled --value false --type bool
    # Allow local remote urls otherwise we can not share
    $OCC config:system:set allow_local_remote_servers --value true --type bool
    # Allow self signed certificates