Add metadata to \OCP\AppFramework\Http\Response::throttletags/v13.0.0beta1
@@ -248,7 +248,7 @@ class LoginController extends Controller { | |||
$args['redirect_url'] = $redirect_url; | |||
} | |||
$response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); | |||
$response->throttle(); | |||
$response->throttle(['user' => $user]); | |||
$this->session->set('loginMessages', [ | |||
['invalidpassword'], [] | |||
]); |
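Review bot: The `$user` passed to `throttle(['user' => $user])` is the login name of a failed attempt, so it is caller-controlled text that leaves the controller as throttle metadata. What the throttler does with it is not visible on this page. If it is stored or logged, the value should be treated as untrusted when it is later rendered, and bounded in size. A comment at the call site would keep later edits honest, for example `// login name only: never add the password or other secrets to throttle metadata`. The enclosing tryLogin method starts and ends outside the hunk.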
@@ -76,7 +76,7 @@ class BruteForceMiddleware extends Middleware { | |||
$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action'); | |||
$ip = $this->request->getRemoteAddress(); | |||
$this->throttler->sleepDelay($ip, $action); | |||
$this->throttler->registerAttempt($action, $ip); | |||
$this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata()); | |||
} | |||
return parent::afterController($controller, $methodName, $response); |
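Review bot: `sleepDelay($ip, $action)` on the line above still derives the delay from the address and action alone, so the metadata added to `registerAttempt` is recorded but does not change how an attempt is throttled. Guesses against one account from many addresses would each be delayed independently, as far as this hunk shows. If that is the intent, a comment would make it explicit, for example `// metadata is informational; the delay stays keyed on IP and action`. The array is forwarded as the controller supplied it, so any size or content limit has to live in `registerAttempt`, which is outside this page. The enclosing condition and the start of afterController are also outside the hunk.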
@@ -83,6 +83,8 @@ class Response { | |||
/** @var bool */ | |||
private $throttled = false; | |||
/** @var array */ | |||
private $throttleMetadata = []; | |||
/** | |||
* Caches the response | |||
@@ -328,10 +330,22 @@ class Response { | |||
* Marks the response as to throttle. Will be throttled when the | |||
* @BruteForceProtection annotation is added. | |||
* | |||
* @param array $metadata | |||
* @since 12.0.0 | |||
*/ | |||
public function throttle() { | |||
public function throttle(array $metadata = []) { | |||
$this->throttled = true; | |||
$this->throttleMetadata = $metadata; | |||
} | |||
/** | |||
* Returns the throttle metadata, defaults to empty array | |||
* | |||
* @return array | |||
* @since 13.0.0 | |||
*/ | |||
public function getThrottleMetadata() { | |||
return $this->throttleMetadata; | |||
} | |||
/** |
@@ -307,7 +307,7 @@ class LoginControllerTest extends TestCase { | |||
->method('deleteUserValue'); | |||
$expected = new \OCP\AppFramework\Http\RedirectResponse($loginPageUrl); | |||
$expected->throttle(); | |||
$expected->throttle(['user' => 'MyUserName']); | |||
$this->assertEquals($expected, $this->loginController->tryLogin($user, $password, '/apps/files')); | |||
} | |||
@@ -634,7 +634,7 @@ class LoginControllerTest extends TestCase { | |||
->method('createRememberMeToken'); | |||
$expected = new RedirectResponse(''); | |||
$expected->throttle(); | |||
$expected->throttle(['user' => 'john']); | |||
$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', 'just wrong', null)); | |||
} | |||
} |
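Review bot: This test pins a behaviour that is easy to miss: `tryLogin('john@doe.com', ...)` is expected to produce `throttle(['user' => 'john'])`, so the metadata carries the resolved user id, not the text typed into the form. A one-line comment above the expectation would document that, for example `// metadata holds the uid the e-mail address resolved to`. None of the visible tests covers a login name that resolves to no account, so what is recorded in that case is not pinned. The test method starts outside the hunk.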
@@ -269,4 +269,9 @@ class ResponseTest extends \Test\TestCase { | |||
$this->childResponse->throttle(); | |||
$this->assertTrue($this->childResponse->isThrottled()); | |||
} | |||
public function testGetThrottleMetadata() { | |||
$this->childResponse->throttle(['foo' => 'bar']); | |||
$this->assertSame(['foo' => 'bar'], $this->childResponse->getThrottleMetadata()); | |||
} | |||
} |
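Review bot: `testGetThrottleMetadata` checks only the round trip of a supplied array, while the getter's docblock promises an empty array by default. Adding `$this->assertSame([], $this->childResponse->getThrottleMetadata());` before the `throttle()` call would cover that default. A second assertion after a bare `throttle()` call would pin the reset-to-empty behaviour of the setter.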
@@ -112,6 +112,10 @@ class BruteForceMiddlewareTest extends TestCase { | |||
->expects($this->once()) | |||
->method('isThrottled') | |||
->willReturn(true); | |||
$response | |||
->expects($this->once()) | |||
->method('getThrottleMetadata') | |||
->willReturn([]); | |||
$this->reflector | |||
->expects($this->once()) | |||
->method('getAnnotationParameter') |
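Review bot: The stub returns `[]`, which is also the default value, so this test cannot tell metadata being forwarded to the throttler from metadata being dropped. Returning a distinctive array such as `->willReturn(['user' => 'test'])` would close that gap. The `registerAttempt` expectation, which is outside this hunk, would then need to require the same array as its third argument via `->with(...)`. The test method begins and ends outside the hunk.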