Merge pull request #22774 from nextcloud/bugfix/noid/no-delay-without-ip

Don't break when the IP is empty
nextcloud · Sep 10, 2020 · 3d61f7b · 3d61f7b
2 parents 40eabfb + c25063d
commit 3d61f7b
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
@@ -227,6 +227,10 @@ private function isIPWhitelisted(string $ip): bool {
 	 * @return int
 	 */
 	public function getAttempts(string $ip, string $action = '', float $maxAgeHours = 12): int {
+		if ($ip === '') {
+			return 0;
+		}
+
 		$ipAddress = new IpAddress($ip);
 		if ($this->isIPWhitelisted((string)$ipAddress)) {
 			return 0;

diff --git a/tests/lib/Security/Bruteforce/CapabilitiesTest.php b/tests/lib/Security/Bruteforce/CapabilitiesTest.php
@@ -40,8 +40,6 @@ protected function setUp(): void {
 		parent::setUp();
 
 		$this->request = $this->createMock(IRequest::class);
-		$this->request->method('getRemoteAddress')
-			->willReturn('10.10.10.10');
 
 		$this->throttler = $this->createMock(Throttler::class);
 
@@ -57,6 +55,9 @@ public function testGetCapabilities() {
 			->with('10.10.10.10')
 			->willReturn(42);
 
+		$this->request->method('getRemoteAddress')
+			->willReturn('10.10.10.10');
+
 		$expected = [
 			'bruteforce' => [
 				'delay' => 42
@@ -66,4 +67,23 @@ public function testGetCapabilities() {
 
 		$this->assertEquals($expected, $result);
 	}
+
+	public function testGetCapabilitiesOnCli() {
+		$this->throttler->expects($this->atLeastOnce())
+			->method('getDelay')
+			->with('')
+			->willReturn(0);
+
+		$this->request->method('getRemoteAddress')
+			->willReturn('');
+
+		$expected = [
+			'bruteforce' => [
+				'delay' => 0
+			]
+		];
+		$result = $this->capabilities->getCapabilities();
+
+		$this->assertEquals($expected, $result);
+	}
 }