Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(bruteforce): allows to configure max attempts before request abort #49599

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(bruteforce): allows to configure max attempts before request abort #49599

wants to merge 1 commit into from
+13 −2

Conversation

Altahrim
Copy link
Collaborator

@Altahrim Altahrim commented Dec 2, 2024

Summary

Allows to configure the number of failed attempts before blocking login requests

Checklist

@Altahrim
chore(bruteforce): allows to configure max attempts before request abort
587f8a9 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
@Altahrim Altahrim added 2. developing Work in progress php Pull requests that update Php code labels Dec 2, 2024
@Altahrim Altahrim self-assigned this Dec 2, 2024
@Altahrim Altahrim requested review from nickvergessen, a team, icewind1991, skjnldsv and come-nc and removed request for a team December 2, 2024 10:54
@Altahrim Altahrim marked this pull request as ready for review December 2, 2024 10:55
@Altahrim Altahrim added this to the Nextcloud 31 milestone Dec 2, 2024
@Altahrim Altahrim added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Dec 2, 2024
come-nc
come-nc reviewed Dec 2, 2024
View reviewed changes
config/config.sample.php
*
* When more than max-attempts login requests are sent to Nextcloud, requests
* will abort with "429 Too Many Requests".
* For security reasons, changfe it only if you know what you are doing.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* For security reasons, changfe it only if you know what you are doing.
* For security reasons, change it only if you know what you are doing.

solracsf
solracsf reviewed Dec 2, 2024
View reviewed changes
config/config.sample.php
@@ -431,6 +431,17 @@
*/
'auth.bruteforce.protection.testing' => false,

/**
* Brute force protection maximum number of attempts before blocking
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Brute force protection maximum number of attempts before blocking
* Brute force protection: maximum number of attempts before blocking

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@come-nc come-nc come-nc left review comments

@solracsf solracsf solracsf left review comments

@nickvergessen nickvergessen nickvergessen approved these changes

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 was automatically assigned from nextcloud/server-backend

@skjnldsv skjnldsv Awaiting requested review from skjnldsv skjnldsv was automatically assigned from nextcloud/server-backend

At least 2 approving reviews are required to merge this pull request.

Assignees

@Altahrim Altahrim

Labels
3. to review Waiting for reviews php Pull requests that update Php code
Projects
None yet
Milestone
Nextcloud 31
Development

Successfully merging this pull request may close these issues.
4 participants
@Altahrim @nickvergessen @solracsf @come-nc