Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(dav): Rate limit calendar/subscription creation #43732

Merged
merged 1 commit into from
Feb 23, 2024
Merged

fix(dav): Rate limit calendar/subscription creation #43732

merged 1 commit into from
Feb 23, 2024

Conversation

ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst commented Feb 21, 2024
edited
Loading

Summary

Adds rate limiting for new calendars and subscriptions.

Checklist

@ChristophWurst ChristophWurst added bug 3. to review Waiting for reviews feature: dav feature: caldav Related to CalDAV internals labels Feb 21, 2024
@ChristophWurst ChristophWurst added this to the Nextcloud 29 milestone Feb 21, 2024
@ChristophWurst ChristophWurst self-assigned this Feb 21, 2024
ChristophWurst
ChristophWurst commented Feb 21, 2024
View reviewed changes
apps/dav/lib/CalDAV/Security/RateLimitingPlugin.php Outdated
throw new TooManyRequests('Too many calendars created', 0, $e);
}

$calendarLimit = $this->config->getValueInt('dav', 'maximum_calendars', 30);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm open for input on a reasonable limit for 99% of users. someone will exceed it and they need the admin to increase the limit. this is acceptable.

miaulalala
miaulalala approved these changes Feb 21, 2024
View reviewed changes
Copy link
Contributor

@miaulalala miaulalala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

joshtrichards
joshtrichards reviewed Feb 21, 2024
View reviewed changes
.htaccess Outdated Show resolved Hide resolved
tcitworld
tcitworld reviewed Feb 21, 2024
View reviewed changes
Copy link
Member

@tcitworld tcitworld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you test how the Calendar app currently handles the TooManyRequests exception? When creating calendars/subscriptions/holiday calendars/imports

Mind creating an issue to make sure this is tracked?

apps/dav/lib/Server.php Show resolved Hide resolved
apps/dav/lib/CalDAV/Security/RateLimitingPlugin.php Outdated Show resolved Hide resolved
apps/dav/lib/CalDAV/Security/RateLimitingPlugin.php Outdated Show resolved Hide resolved
@ChristophWurst ChristophWurst mentioned this pull request Feb 22, 2024
Open
@ChristophWurst
Copy link
Member Author

Did you test how the Calendar app currently handles the TooManyRequests exception? When creating calendars/subscriptions/holiday calendars/imports

Mind creating an issue to make sure this is tracked?

Sure! nextcloud/calendar#5792

@ChristophWurst ChristophWurst force-pushed the fix/dav/rate-limit-create-calendar branch from 7f07be8 to 9bfa1a3 Compare February 22, 2024 08:20
@ChristophWurst ChristophWurst mentioned this pull request Feb 22, 2024
Merged
@ChristophWurst ChristophWurst added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Feb 22, 2024
This was referenced Feb 22, 2024
Merged
Merged
Merged
@ChristophWurst
Copy link
Member Author

/backport! to stable28

@ChristophWurst
Copy link
Member Author

/backport! to stable27

@ChristophWurst
Copy link
Member Author

/backport! to stable26

@backportbot backportbot bot mentioned this pull request Feb 22, 2024
Merged
2 tasks
This was referenced Feb 22, 2024
Merged
Merged
@ChristophWurst ChristophWurst force-pushed the fix/dav/rate-limit-create-calendar branch from 9bfa1a3 to dc7f2ba Compare February 23, 2024 07:53
@ChristophWurst ChristophWurst merged commit f1c79cd into master Feb 23, 2024
159 checks passed
@ChristophWurst ChristophWurst deleted the fix/dav/rate-limit-create-calendar branch February 23, 2024 12:54
@blizzz blizzz mentioned this pull request Mar 5, 2024
Merged
@ChristophWurst ChristophWurst mentioned this pull request Mar 11, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tcitworld tcitworld tcitworld approved these changes

@miaulalala miaulalala miaulalala approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@joshtrichards joshtrichards Awaiting requested review from joshtrichards

Assignees

@ChristophWurst ChristophWurst

Labels
4. to release Ready to be released and/or waiting for tests to finish bug feature: caldav Related to CalDAV internals feature: dav
Projects
💌 📅 👥 Groupware team
Archived in project
Milestone
Nextcloud 29
Development

Successfully merging this pull request may close these issues.
4 participants
@ChristophWurst @joshtrichards @tcitworld @miaulalala