Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>tags/v28.0.5rc1
$c->get(IRequest::class), | $c->get(IRequest::class), | ||||
$c->get(IUserSession::class), | $c->get(IUserSession::class), | ||||
$c->get(IControllerMethodReflector::class), | $c->get(IControllerMethodReflector::class), | ||||
$c->get(OC\Security\RateLimiting\Limiter::class) | |||||
$c->get(OC\Security\RateLimiting\Limiter::class), | |||||
$c->get(ISession::class) | |||||
) | ) | ||||
); | ); | ||||
$dispatcher->registerMiddleware( | $dispatcher->registerMiddleware( |
use OCP\AppFramework\Http\TemplateResponse; | use OCP\AppFramework\Http\TemplateResponse; | ||||
use OCP\AppFramework\Middleware; | use OCP\AppFramework\Middleware; | ||||
use OCP\IRequest; | use OCP\IRequest; | ||||
use OCP\ISession; | |||||
use OCP\IUserSession; | use OCP\IUserSession; | ||||
use ReflectionMethod; | use ReflectionMethod; | ||||
protected IUserSession $userSession, | protected IUserSession $userSession, | ||||
protected ControllerMethodReflector $reflector, | protected ControllerMethodReflector $reflector, | ||||
protected Limiter $limiter, | protected Limiter $limiter, | ||||
protected ISession $session, | |||||
) { | ) { | ||||
} | } | ||||
parent::beforeController($controller, $methodName); | parent::beforeController($controller, $methodName); | ||||
$rateLimitIdentifier = get_class($controller) . '::' . $methodName; | $rateLimitIdentifier = get_class($controller) . '::' . $methodName; | ||||
if ($this->session->exists('app_api_system')) { | |||||
// Bypass rate limiting for app_api | |||||
return; | |||||
} | |||||
if ($this->userSession->isLoggedIn()) { | if ($this->userSession->isLoggedIn()) { | ||||
$rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'UserRateThrottle', UserRateLimit::class); | $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'UserRateThrottle', UserRateLimit::class); | ||||
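Review bot: The early return at `if ($this->session->exists('app_api_system'))` switches off both the user and the anonymous rate limit on nothing more than the presence of a session key, so the control now depends entirely on code outside these lines that writes that key. I would test the stored value instead of its existence, for example `if ($this->session->get('app_api_system') === true) {`, provided the writer stores a boolean true. The comment could also state the trust assumption, something like `// Key is set server-side only after AppAPI has authenticated the request; never derived from request input`, if that is in fact how it is set. Defining the key name as a shared constant would keep the writer and this check from drifting apart. beforeController begins and continues outside the lines shown.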
use OCP\AppFramework\Http\DataResponse; | use OCP\AppFramework\Http\DataResponse; | ||||
use OCP\AppFramework\Http\TemplateResponse; | use OCP\AppFramework\Http\TemplateResponse; | ||||
use OCP\IRequest; | use OCP\IRequest; | ||||
use OCP\ISession; | |||||
use OCP\IUser; | use OCP\IUser; | ||||
use OCP\IUserSession; | use OCP\IUserSession; | ||||
use PHPUnit\Framework\MockObject\MockObject; | use PHPUnit\Framework\MockObject\MockObject; | ||||
private IUserSession|MockObject $userSession; | private IUserSession|MockObject $userSession; | ||||
private ControllerMethodReflector $reflector; | private ControllerMethodReflector $reflector; | ||||
private Limiter|MockObject $limiter; | private Limiter|MockObject $limiter; | ||||
private ISession|MockObject $session; | |||||
private RateLimitingMiddleware $rateLimitingMiddleware; | private RateLimitingMiddleware $rateLimitingMiddleware; | ||||
protected function setUp(): void { | protected function setUp(): void { | ||||
$this->userSession = $this->createMock(IUserSession::class); | $this->userSession = $this->createMock(IUserSession::class); | ||||
$this->reflector = new ControllerMethodReflector(); | $this->reflector = new ControllerMethodReflector(); | ||||
$this->limiter = $this->createMock(Limiter::class); | $this->limiter = $this->createMock(Limiter::class); | ||||
$this->session = $this->createMock(ISession::class); | |||||
$this->rateLimitingMiddleware = new RateLimitingMiddleware( | $this->rateLimitingMiddleware = new RateLimitingMiddleware( | ||||
$this->request, | $this->request, | ||||
$this->userSession, | $this->userSession, | ||||
$this->reflector, | $this->reflector, | ||||
$this->limiter | |||||
$this->limiter, | |||||
$this->session | |||||
); | ); | ||||
} | } | ||||
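Review bot: The test changes visible here only pass the new `ISession` mock into the constructor, so no case exercises the bypass branch itself. Because `createMock` makes `exists()` return false by default, the existing cases still cover the rate-limited path. I would add a case that sets `$this->session->method('exists')->with('app_api_system')->willReturn(true);` and asserts `$this->limiter->expects($this->never())->method('registerUserRequest');`, with the same assertion for `registerAnonRequest`. A second case should pin that the limiter is still invoked when the key is absent, so a later change cannot widen the bypass unnoticed. Further test methods may lie outside the lines shown.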