Add bruteforce checker to Person.php 2117/head
authorLukas Reschke <lukas@statuscode.ch>
Mon, 14 Nov 2016 14:26:23 +0000 (15:26 +0100)
committerLukas Reschke <lukas@statuscode.ch>
Mon, 14 Nov 2016 14:26:23 +0000 (15:26 +0100)
Also check for attempts on this endpoint

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
lib/private/OCS/Person.php

index bbb4a39e1e8b55f1befbd60305e0d1e30782dceb..d14465c5ce9e1ebc0ef86ce9a928ba08e7932d59 100644 (file)
@@ -31,10 +31,13 @@ class Person {
                $login = isset($_POST['login']) ? $_POST['login'] : false;
                $password = isset($_POST['password']) ? $_POST['password'] : false;
                if($login && $password) {
+                       $remoteIp = \OC::$server->getRequest()->getRemoteAddress();
+                       \OC::$server->getBruteForceThrottler()->sleepDelay($remoteIp);
                        if(\OC_User::checkPassword($login, $password)) {
                                $xml['person']['personid'] = $login;
                                return new Result($xml);
                        } else {
+                               \OC::$server->getBruteForceThrottler()->registerAttempt('login', $remoteIp);
                                return new Result(null, 102);
                        }
                } else {
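Review bot: The added `registerAttempt('login', $remoteIp)` call records the failure without the account name that was tried, so the attempt log cannot distinguish repeated guesses against one account from a spray across many accounts from the same address. If the throttler's `registerAttempt` accepts an optional metadata array as its third argument, pass the login there: `\OC::$server->getBruteForceThrottler()->registerAttempt('login', $remoteIp, ['user' => $login]);`. The delay and the counter are keyed only on `getRemoteAddress()`, so a short comment above the `sleepDelay` line should say that the value depends on the trusted-proxy configuration, for example `// throttle key is the client IP as resolved by the request; behind an unconfigured reverse proxy all clients share one bucket`. The enclosing method starts and ends outside this hunk, so the branch for empty credentials is not visible here.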