Do not enable brute force detection during update process. (#14001)

* Do not enable brute force detection during update process.

* Try detection through checking for updates.

* Do not enable brute force detection until version is successfully updated to 3.8.0.

* $dbSchemaVersion may be false

1 files changed, 14 insertions, 1 deletions

diff --git a/plugins/Login/Security/BruteForceDetection.php b/plugins/Login/Security/BruteForceDetection.php
index 7337257483..9ca79e3266 100644
--- a/plugins/Login/Security/BruteForceDetection.php
+++ b/plugins/Login/Security/BruteForceDetection.php
@@ -12,6 +12,8 @@ use Piwik\Common;
 use Piwik\Date;
 use Piwik\Db;
 use Piwik\Plugins\Login\SystemSettings;
+use Piwik\Updater;
+use Piwik\Version;
 
 class BruteForceDetection {
 
@@ -26,16 +28,27 @@ class BruteForceDetection {
      */
     private $settings;
 
+    /**
+     * @var Updater
+     */
+    private $updater;
+
     public function __construct(SystemSettings $systemSettings)
     {
         $this->tablePrefixed = Common::prefixTable($this->table);
         $this->settings = $systemSettings;
         $this->minutesTimeRange = $systemSettings->loginAttemptsTimeRange->getValue();
         $this->maxLogAttempts = $systemSettings->maxFailedLoginsPerMinutes->getValue();
+        $this->updater = new Updater();
     }
 
     public function isEnabled()
     {
+        $dbSchemaVersion = $this->updater->getCurrentComponentVersion('core');
+        if ($dbSchemaVersion && version_compare($dbSchemaVersion, '3.8.0') == -1) {
+            return false; // do not enable brute force detection before the tables exist
+        }
+
         return $this->settings->enableBruteForceDetection->getValue();
     }
 
@@ -131,4 +144,4 @@ class BruteForceDetection {
     {
         return $this->getNow()->subPeriod($minutes, 'minute')->getDatetime();
     }
-}
\ No newline at end of file
+}