fix: call throttler->resetDelay if only when delay present

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
nextcloud · Aug 22, 2024 · ece18f1 · ece18f1
1 parent 5e907e8
commit ece18f1
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/lib/Service/AppAPIService.php b/lib/Service/AppAPIService.php
@@ -282,7 +282,7 @@ private function getUriEncodedParams(array $params): string {
 	 * More info in docs: https://cloud-py-api.github.io/app_api/authentication.html
 	 */
 	public function validateExAppRequestToNC(IRequest $request, bool $isDav = false): bool {
-		$this->throttler->sleepDelayOrThrowOnMax($request->getRemoteAddress(), Application::APP_ID);
+		$delay = $this->throttler->sleepDelayOrThrowOnMax($request->getRemoteAddress(), Application::APP_ID);
 
 		$exAppId = $request->getHeader('EX-APP-ID');
 		if (!$exAppId) {
@@ -346,7 +346,7 @@ public function validateExAppRequestToNC(IRequest $request, bool $isDav = false)
 				}
 			}
 
-			return $this->finalizeRequestToNC($exApp, $userId, $request);
+			return $this->finalizeRequestToNC($exApp, $userId, $request, $delay);
 		} else {
 			$this->logger->error(sprintf('Invalid signature for ExApp: %s and user: %s.', $exApp->getAppid(), $userId !== '' ? $userId : 'null'));
 			$this->throttler->registerAttempt(Application::APP_ID, $request->getRemoteAddress(), [
@@ -364,7 +364,7 @@ public function validateExAppRequestToNC(IRequest $request, bool $isDav = false)
 	 *  - sets active user (null if not a user context)
 	 *  - updates ExApp last response time
 	 */
-	private function finalizeRequestToNC(ExApp $exApp, string $userId, IRequest $request): bool {
+	private function finalizeRequestToNC(ExApp $exApp, string $userId, IRequest $request, int $delay): bool {
 		if ($userId !== '') {
 			$activeUser = $this->userManager->get($userId);
 			if ($activeUser === null) {
@@ -379,10 +379,12 @@ private function finalizeRequestToNC(ExApp $exApp, string $userId, IRequest $req
 		$this->session->set('app_api', true);
 		$this->session->set('app_api_system', true); // TODO: Remove after drop support NC29
 
-		$this->throttler->resetDelay($request->getRemoteAddress(), Application::APP_ID, [
-			'appid' => $request->getHeader('EX-APP-ID'),
-			'userid' => $userId,
-		]);
+		if ($delay) {
+			$this->throttler->resetDelay($request->getRemoteAddress(), Application::APP_ID, [
+				'appid' => $request->getHeader('EX-APP-ID'),
+				'userid' => $userId,
+			]);
+		}
 		return true;
 	}