Merge pull request #48884 from nextcloud/bugfix/noid/allow-to-force-d…

…b-throttler

feat(bruteforce): Allow forcing the database throttler

config/config.sample.php

@@ -342,7 +342,7 @@
 
 /**
  * The timeout in seconds for synchronizing address books, e.g. federated system address books (as run by `occ federation:sync-addressbooks`).
- * 
+ *
  * Defaults to ``30`` seconds
  */
 'carddav_sync_request_timeout' => 30,
@@ -405,6 +405,17 @@
  */
 'auth.bruteforce.protection.enabled' => true,
 
+/**
+ * Whether the brute force protection should write into the database even when a memory cache is available
+ *
+ * Using the database is most likely worse for performance, but makes investigating
+ * issues a lot easier as it's possible to look directly at the table to see all
+ * logged remote addresses and actions.
+ *
+ * Defaults to ``false``
+ */
+'auth.bruteforce.protection.force.database' => false,
+
 /**
  * Whether the brute force protection shipped with Nextcloud should be set to testing mode.
  *

lib/private/Server.php

@@ -846,7 +846,8 @@ public function __construct($webRoot, \OC\Config $config) {
 
 		$this->registerService(\OC\Security\Bruteforce\Backend\IBackend::class, function ($c) {
 			$config = $c->get(\OCP\IConfig::class);
-			if (ltrim($config->getSystemValueString('memcache.distributed', ''), '\\') === \OC\Memcache\Redis::class) {
+			if (!$config->getSystemValueBool('auth.bruteforce.protection.force.database', false)
+				&& ltrim($config->getSystemValueString('memcache.distributed', ''), '\\') === \OC\Memcache\Redis::class) {
 				$backend = $c->get(\OC\Security\Bruteforce\Backend\MemoryCacheBackend::class);
 			} else {
 				$backend = $c->get(\OC\Security\Bruteforce\Backend\DatabaseBackend::class);