Closed voroyam closed 3 years ago
The actual error is in here https://github.com/owncloud/brute_force_protection/blob/v1.1.0/lib/Throttle.php#L103-L116
The thing is that the share.beforepasswordcheck
event (which then calls https://github.com/owncloud/brute_force_protection/blob/master/lib/Hooks.php#L156) seems to be triggered every time you navigate through the folders tree.
For instance, lowering the config key brute_force_protection_time_threshold
to the minimum of 1 sec and moving slowly back and forth the folders tree make the issue to "disappear".
Also it is expected to see this issue on 1.0.1 only since in this version we first introduced protection for public links page.
Not sure if this requires a core fix or rather a brute_force_protection app fix. @karakayasemi maybe you have some thoughts?
Looks like core is wrongly emitting share.failedpasswordcheck
in described scenario. I will look at it detailly and try to prepare a fix pr on core side.
The fix pr open in here: https://github.com/owncloud/core/pull/38016, @voroyam @pako81 you can help by testing the pr with related scenario. Thank you for detailly issue report guys.
Confirmed that https://github.com/owncloud/core/pull/38016 solves the issue. @karakayasemi thanks - nice job!
There is an issue when moving inside a subfolder and back when accessing a password protected public link.
expected you can move from subfolder to the top folder
actual result you get an error that the directory is unavailable. If you try again - you get a warning that you tried it too many times.
a downgrade to the previous version (1.0.1) fixes the issue for now.
The actual error is in here https://github.com/owncloud/brute_force_protection/blob/v1.1.0/lib/Throttle.php#L103-L116
as found by our great @pako81