use OCP\AppFramework\OCSController;
use OCP\IRequest;
use OCP\Security\Bruteforce\MaxDelayReached;
+use Psr\Log\LoggerInterface;
use ReflectionMethod;
/**
* @package OC\AppFramework\Middleware\Security
*/
class BruteForceMiddleware extends Middleware {
- private ControllerMethodReflector $reflector;
- private Throttler $throttler;
- private IRequest $request;
-
- public function __construct(ControllerMethodReflector $controllerMethodReflector,
- Throttler $throttler,
- IRequest $request) {
- $this->reflector = $controllerMethodReflector;
- $this->throttler = $throttler;
- $this->request = $request;
+ public function __construct(
+ protected ControllerMethodReflector $reflector,
+ protected Throttler $throttler,
+ protected IRequest $request,
+ protected LoggerInterface $logger,
+ ) {
}
/**
$this->throttler->registerAttempt($action, $ip, $metaData);
}
}
+ } else {
+ $this->logger->debug('Response for ' . get_class($controller) . '::' . $methodName . ' got bruteforce throttled but has no annotation nor attribute defined.');
}
}
}
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Response;
use OCP\IRequest;
+use Psr\Log\LoggerInterface;
use Test\TestCase;
class TestController extends Controller {
private $throttler;
/** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
private $request;
+ /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
+ private $logger;
private BruteForceMiddleware $bruteForceMiddleware;
protected function setUp(): void {
$this->reflector = new ControllerMethodReflector();
$this->throttler = $this->createMock(Throttler::class);
$this->request = $this->createMock(IRequest::class);
+ $this->logger = $this->createMock(LoggerInterface::class);
$this->bruteForceMiddleware = new BruteForceMiddleware(
$this->reflector,
$this->throttler,
- $this->request
+ $this->request,
+ $this->logger,
);
}
- public function testBeforeControllerWithAnnotation() {
+ public function testBeforeControllerWithAnnotation(): void {
$this->request
->expects($this->once())
->method('getRemoteAddress')
$this->bruteForceMiddleware->beforeController($controller, 'multipleAttributes');
}
- public function testBeforeControllerWithoutAnnotation() {
+ public function testBeforeControllerWithoutAnnotation(): void {
$this->request
->expects($this->never())
->method('getRemoteAddress');
$this->bruteForceMiddleware->beforeController($controller, 'testMethodWithoutAnnotation');
}
- public function testAfterControllerWithAnnotationAndThrottledRequest() {
+ public function testAfterControllerWithAnnotationAndThrottledRequest(): void {
/** @var Response|\PHPUnit\Framework\MockObject\MockObject $response */
$response = $this->createMock(Response::class);
$response
$this->bruteForceMiddleware->afterController($controller, 'testMethodWithAnnotation', $response);
}
- public function testAfterControllerWithAnnotationAndNotThrottledRequest() {
+ public function testAfterControllerWithAnnotationAndNotThrottledRequest(): void {
/** @var Response|\PHPUnit\Framework\MockObject\MockObject $response */
$response = $this->createMock(Response::class);
$response
$this->bruteForceMiddleware->afterController($controller, 'multipleAttributes', $response);
}
- public function testAfterControllerWithoutAnnotation() {
+ public function testAfterControllerWithoutAnnotation(): void {
$this->request
->expects($this->never())
->method('getRemoteAddress');
$response = $this->createMock(Response::class);
$this->bruteForceMiddleware->afterController($controller, 'testMethodWithoutAnnotation', $response);
}
+
+ public function testAfterControllerWithThrottledResponseButUnhandled(): void {
+ $this->request
+ ->expects($this->never())
+ ->method('getRemoteAddress');
+ $this->throttler
+ ->expects($this->never())
+ ->method('sleepDelay');
+
+ $controller = new TestController('test', $this->request);
+ $this->reflector->reflect($controller, 'testMethodWithoutAnnotation');
+ /** @var Response|\PHPUnit\Framework\MockObject\MockObject $response */
+ $response = $this->createMock(Response::class);
+ $response->method('isThrottled')
+ ->willReturn(true);
+
+ $this->logger->expects($this->once())
+ ->method('debug')
+ ->with('Response for Test\AppFramework\Middleware\Security\TestController::testMethodWithoutAnnotation got bruteforce throttled but has no annotation nor attribute defined.');
+
+ $this->bruteForceMiddleware->afterController($controller, 'testMethodWithoutAnnotation', $response);
+ }
}