fixup! fix(dav): Rate limit calendar/subscription creation

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Author: ChristophWurst

.htaccess

@@ -110,7 +110,3 @@
 
 AddDefaultCharset utf-8
 Options -Indexes
-#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
-
-ErrorDocument 403 /index.php/error/403
-ErrorDocument 404 /index.php/error/404

apps/dav/appinfo/v1/caldav.php

@@ -29,6 +29,7 @@
 use OC\KnownUser\KnownUserService;
 use OCA\DAV\CalDAV\CalDavBackend;
 use OCA\DAV\CalDAV\CalendarRoot;
+use OCA\DAV\CalDAV\Security\RateLimitingPlugin;
 use OCA\DAV\Connector\LegacyDAVACL;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
@@ -116,6 +117,7 @@
 	$server->addPlugin(\OC::$server->query(\OCA\DAV\CalDAV\Schedule\IMipPlugin::class));
 }
 $server->addPlugin(new ExceptionLoggerPlugin('caldav', $logger));
+$server->addPlugin(\OCP\Server::get(RateLimitingPlugin::class));
 
 // And off we go!
 $server->exec();

apps/dav/lib/CalDAV/Security/RateLimitingPlugin.php

@@ -33,6 +33,7 @@
 use OCP\IUserManager;
 use Psr\Log\LoggerInterface;
 use Sabre\DAV;
+use Sabre\DAV\Exception\Forbidden;
 use Sabre\DAV\ServerPlugin;
 use function count;
 use function explode;
@@ -81,15 +82,15 @@ public function beforeBind(string $path): void {
 			try {
 				$this->limiter->registerUserRequest(
 					'caldav-create-calendar',
-					10,
-					3600,
+					$this->config->getValueInt('dav', 'rateLimitCalendarCreation', 10),
+					$this->config->getValueInt('dav', 'rateLimitPeriodCalendarCreation', 3600),
 					$user
 				);
 			} catch (RateLimitExceededException $e) {
 				throw new TooManyRequests('Too many calendars created', 0, $e);
 			}
 
-			$calendarLimit = $this->config->getValueInt('dav', 'maximum_calendars', 30);
+			$calendarLimit = $this->config->getValueInt('dav', 'maximumCalendarsSubscriptions', 30);
 			if ($calendarLimit === -1) {
 				return;
 			}
@@ -102,7 +103,7 @@ public function beforeBind(string $path): void {
 					'subscription' => $numSubscriptions,
 					'limit' => $calendarLimit,
 				]);
-				throw new TooManyRequests('Calendar limit reached', 0);
+				throw new Forbidden('Calendar limit reached', 0);
 			}
 		}
 	}

apps/dav/tests/unit/CalDAV/Security/RateLimitingPluginTest.php

@@ -35,6 +35,7 @@
 use OCP\IUserManager;
 use PHPUnit\Framework\MockObject\MockObject;
 use Psr\Log\LoggerInterface;
+use Sabre\DAV\Exception\Forbidden;
 use Test\TestCase;
 
 class RateLimitingPluginTest extends TestCase {
@@ -90,6 +91,10 @@ public function testRegisterCalendarCreation(): void {
 			->method('get')
 			->with($this->userId)
 			->willReturn($user);
+		$this->config
+			->method('getValueInt')
+			->with('dav')
+			->willReturnArgument(2);
 		$this->limiter->expects(self::once())
 			->method('registerUserRequest')
 			->with(
@@ -98,10 +103,6 @@ public function testRegisterCalendarCreation(): void {
 				3600,
 				$user,
 			);
-		$this->config->expects(self::once())
-			->method('getValueInt')
-			->with('dav', 'maximum_calendars', 30)
-			->willReturn(12);
 
 		$this->plugin->beforeBind('calendars/foo/cal');
 	}
@@ -112,6 +113,10 @@ public function testCalendarCreationRateLimitExceeded(): void {
 			->method('get')
 			->with($this->userId)
 			->willReturn($user);
+		$this->config
+			->method('getValueInt')
+			->with('dav')
+			->willReturnArgument(2);
 		$this->limiter->expects(self::once())
 			->method('registerUserRequest')
 			->with(
@@ -133,6 +138,10 @@ public function testCalendarLimitReached(): void {
 			->with($this->userId)
 			->willReturn($user);
 		$user->method('getUID')->willReturn('user123');
+		$this->config
+			->method('getValueInt')
+			->with('dav')
+			->willReturnArgument(2);
 		$this->limiter->expects(self::once())
 			->method('registerUserRequest')
 			->with(
@@ -141,15 +150,15 @@ public function testCalendarLimitReached(): void {
 				3600,
 				$user,
 			);
-		$this->config->expects(self::once())
-			->method('getValueInt')
-			->with('dav', 'maximum_calendars', 30)
-			->willReturn(12);
 		$this->caldavBackend->expects(self::once())
 			->method('getCalendarsForUserCount')
 			->with('principals/users/user123')
-			->willReturn(12);
-		$this->expectException(TooManyRequests::class);
+			->willReturn(27);
+		$this->caldavBackend->expects(self::once())
+			->method('getSubscriptionsForUserCount')
+			->with('principals/users/user123')
+			->willReturn(3);
+		$this->expectException(Forbidden::class);
 
 		$this->plugin->beforeBind('calendars/foo/cal');
 	}