From 6854af0cc4eb210832eaf36b8bbd3df151832a85 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 24 Oct 2024 22:04:41 +0200
Subject: [PATCH] feat(bruteforce): Allow forcing the database throttler

Using the database is most likely worse for performance, but makes investigating issues a lot easier as it's possible to look directly at the table to see all logged remote addresses and actions.

Signed-off-by: Joas Schilling
---
 config/config.sample.php | 13 ++++++++++++-
 lib/private/Server.php | 3 ++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index c8ee3c301aec3..23e9cb5940afe 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -342,7 +342,7 @@
 /**
 * The timeout in seconds for synchronizing address books, e.g. federated system address books (as run by `occ federation:sync-addressbooks`).
- *
+ *
 * Defaults to ``30`` seconds
 */
 'carddav_sync_request_timeout' => 30,
@@ -405,6 +405,17 @@
 */
 'auth.bruteforce.protection.enabled' => true,
+/**
+ * Whether the brute force protection should write into the database even when a memory cache is available
+ *
+ * Using the database is most likely worse for performance, but makes investigating
+ * issues a lot easier as it's possible to look directly at the table to see all
+ * logged remote addresses and actions.
+ *
+ * Defaults to ``false``
+ */
+'auth.bruteforce.protection.force.database' => false,
+
 /**
 * Whether the brute force protection shipped with Nextcloud should be set to testing mode.
 *
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 2faae765960ef..0016e2bbb7aa6 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -846,7 +846,8 @@ public function __construct($webRoot, \OC\Config $config) {
 $this->registerService(\OC\Security\Bruteforce\Backend\IBackend::class, function ($c) {
 $config = $c->get(\OCP\IConfig::class);
- if (ltrim($config->getSystemValueString('memcache.distributed', ''), '\\') === \OC\Memcache\Redis::class) {
+ if (!$config->getSystemValueBool('auth.bruteforce.protection.force.database', false)
+ && ltrim($config->getSystemValueString('memcache.distributed', ''), '\\') === \OC\Memcache\Redis::class) {
 $backend = $c->get(\OC\Security\Bruteforce\Backend\MemoryCacheBackend::class);
 } else {
 $backend = $c->get(\OC\Security\Bruteforce\Backend\DatabaseBackend::class);
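Review bot: The widened condition in the `IBackend` factory carries no comment saying why a configured Redis cache is deliberately bypassed; that reasoning lives only in the commit message. I would add above the `if`: `// Debugging aid: force the database backend so recorded attempts can be inspected in the table even when Redis is configured`. The two backends presumably keep separate attempt records, so flipping `auth.bruteforce.protection.force.database` on a running instance would likely discard the throttling state accumulated so far; if so, the `config.sample.php` entry should say that. The closure and `__construct` both continue past the end of this hunk.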