[Bug]: bruteforce messages; logout errors #59290
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
When the Brute-force settings app is deactivated, every ip gets flagged as bruteforcing
The database however does not reflect that:
MariaDB [nextcloud]> select * from oc_bruteforce_attempts;
Empty set (0,001 sec)
Also when I log out, I get the error message "Too many incorrect login attempts. Please try again in 30 seconds." when there was no incorrect login attempt
Steps to reproduce
- disable app Brute-force settings
- look at admin page
Expected behavior
When Brute-force settings is deactivated, there should be no brute force-detection attempt or evaluation thereof. If there was an error message, it should reflect that there is an app to be turned on and what that implies.
Nextcloud Server version
33
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.4
Web server
Nginx
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
No response