From 1d550ab95e55e5130839080478e27a1093695aa0 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 1 Dec 2021 18:01:22 +0100
Subject: [PATCH] Don't query the bruteforce attempts when we just deleted them

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Security/Bruteforce/Throttler.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 6c898cdf7e6c4..fa4c58e455953 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -66,6 +66,8 @@ class Throttler {
 	private $logger;
 	/** @var IConfig */
 	private $config;
+	/** @var bool */
+	private $hasAttemptsDeleted = false;
 
 	/**
 	 * @param IDBConnection $db
@@ -230,7 +232,7 @@ public function getAttempts(string $ip, string $action = '', float $maxAgeHours
 			$maxAgeHours = 48;
 		}
 
-		if ($ip === '') {
+		if ($ip === '' || $this->hasAttemptsDeleted) {
 			return 0;
 		}
 
@@ -306,7 +308,9 @@ public function resetDelay(string $ip, string $action, array $metadata): void {
 			->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)))
 			->andWhere($qb->expr()->eq('metadata', $qb->createNamedParameter(json_encode($metadata))));
 
-		$qb->execute();
+		$qb->executeStatement();
+
+		$this->hasAttemptsDeleted = true;
 	}
 
 	/**