owncloud / brute_force_protection

Brute-force protection app for ownCloud
GNU General Public License v2.0

(1.1.0) Password Protected Public Link Subfolder issue #138

Closed voroyam closed 3 years ago

voroyam commented 3 years ago

There is an issue when moving inside a subfolder and back when accessing a password protected public link.

  1. create a folder and a subfolder
  2. share the folder as a public link and add a password
  3. access the public link, enter password, move to the subfolder and back up

Expected: you can move from the subfolder to the top folder.

Actual result: you get an error that the directory is unavailable. If you try again, you get a warning that you tried it too many times.

A downgrade to the previous version (1.0.1) fixes the issue for now.

The actual error is in here https://github.com/owncloud/brute_force_protection/blob/v1.1.0/lib/Throttle.php#L103-L116

as found by our great @pako81

pako81 commented 3 years ago

The actual error is in here https://github.com/owncloud/brute_force_protection/blob/v1.1.0/lib/Throttle.php#L103-L116

The thing is that the share.beforepasswordcheck event (which then calls https://github.com/owncloud/brute_force_protection/blob/master/lib/Hooks.php#L156) seems to be triggered every time you navigate through the folder tree.

For instance, lowering the config key brute_force_protection_time_threshold to the minimum of 1 sec and moving slowly back and forth through the folder tree makes the issue "disappear".

Also it is expected to see this issue on 1.0.1 only since in this version we first introduced protection for the public links page.

Not sure if this requires a core fix or rather a brute_force_protection app fix. @karakayasemi maybe you have some thoughts?

karakayasemi commented 3 years ago

Looks like core is wrongly emitting share.failedpasswordcheck in the described scenario. I will look at it in detail and try to prepare a fix PR on the core side.

karakayasemi commented 3 years ago

The fix PR is open here: https://github.com/owncloud/core/pull/38016, @voroyam @pako81 you can help by testing the PR with the related scenario. Thank you for the detailed issue report, guys.

pako81 commented 3 years ago

Confirmed that https://github.com/owncloud/core/pull/38016 solves the issue. @karakayasemi thanks - nice job!
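
A simplified model of the behaviour discussed in this thread, as an added example that is not part of the original issue and not the app's or core's code: it shows why failure events emitted on plain folder navigation lock out a legitimate visitor, why a 1-second time threshold only hides the problem, and that real guessing is still blocked once the spurious events stop. The sliding-window logic, the tolerance of 3 failures, the 60-second threshold, and all class, function and key names are assumptions made for illustration.

```python
from collections import defaultdict, deque


class FailedAttemptThrottle:
    """Assumed sliding-window throttle; a model, not the app's Throttle.php."""

    def __init__(self, time_threshold, fail_tolerance):
        self.time_threshold = time_threshold  # seconds a failure stays counted
        self.fail_tolerance = fail_tolerance  # failures tolerated in the window
        self._failures = defaultdict(deque)   # key -> failure timestamps

    def record_failure(self, key, now):
        self._failures[key].append(now)

    def is_blocked(self, key, now):
        window = self._failures[key]
        # Drop failures that have aged out of the time threshold.
        while window and now - window[0] >= self.time_threshold:
            window.popleft()
        return len(window) > self.fail_tolerance


def browse_share(throttle, key, step_seconds, navigations, spurious_failures):
    """Replay folder navigations on a share that is already unlocked.

    spurious_failures=True models the reported bug: every navigation yields a
    failed-password event although no wrong password was submitted.
    Returns the index of the first blocked navigation, or None.
    """
    now = 0
    for i in range(navigations):
        if throttle.is_blocked(key, now):       # check made before each request
            return i
        if spurious_failures:
            throttle.record_failure(key, now)   # the wrongly emitted failure
        now += step_seconds
    return None


KEY = ("constructed-share-token", "198.51.100.7")  # constructed sample values


def demo():
    buggy = browse_share(FailedAttemptThrottle(60, 3), KEY, 2, 10, True)
    masked = browse_share(FailedAttemptThrottle(1, 3), KEY, 2, 10, True)
    fixed = browse_share(FailedAttemptThrottle(60, 3), KEY, 2, 10, False)
    guessing = FailedAttemptThrottle(60, 3)
    for t in range(5):                          # five genuine wrong passwords
        guessing.record_failure(KEY, t)
    return buggy, masked, fixed, guessing.is_blocked(KEY, 5)


if __name__ == "__main__":
    print(demo())
```

In this model the 1-second threshold avoids the lockout only because every spurious failure has expired before the next request, which also means it would no longer slow down real guessing at that pace.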