|
|
@@ -205,8 +205,8 @@ class LoginController extends Controller { |
|
|
|
* @return RedirectResponse |
|
|
|
*/ |
|
|
|
public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') { |
|
|
|
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress()); |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress()); |
|
|
|
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'login'); |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login'); |
|
|
|
|
|
|
|
// If the user is already logged in and the CSRF check does not pass then |
|
|
|
// simply redirect the user to the correct page as required. This is the |
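Review bot: The throttle action name is repeated as a bare string literal in every throttler call on the new side — `'login'` in the getDelay and sleepDelay lines here and again in registerAttempt and the retry sleepDelay in the next hunk, `'sudo'` likewise across the confirmPassword hunk — so a mismatch in any one call would silently read the delay from a different bucket than the one attempts are registered in, and the rate limit would not apply. A private class constant per action (for example `private const THROTTLE_ACTION_LOGIN = 'login';`, name constructed) used in all four calls, plus a local `$remoteAddress = $this->request->getRemoteAddress();` at the top of each method, would remove the repetition and make the bucket pairing visible. The `if ($currentDelay === 0)` re-sleep after a failed attempt also deserves a why-comment in both methods, e.g. `// No delay was in force before this attempt; apply the one just registered so the failure response itself is slowed.` tryLogin's body continues outside the hunk.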
|
|
@@ -230,7 +230,7 @@ class LoginController extends Controller { |
|
|
|
if ($loginResult === false) { |
|
|
|
$this->throttler->registerAttempt('login', $this->request->getRemoteAddress(), ['user' => $originalUser]); |
|
|
|
if($currentDelay === 0) { |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress()); |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login'); |
|
|
|
} |
|
|
|
$this->session->set('loginMessages', [ |
|
|
|
['invalidpassword'], [] |
|
|
@@ -295,15 +295,15 @@ class LoginController extends Controller { |
|
|
|
* @return DataResponse |
|
|
|
*/ |
|
|
|
public function confirmPassword($password) { |
|
|
|
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress()); |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress()); |
|
|
|
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'sudo'); |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo'); |
|
|
|
|
|
|
|
$loginName = $this->userSession->getLoginName(); |
|
|
|
$loginResult = $this->userManager->checkPassword($loginName, $password); |
|
|
|
if ($loginResult === false) { |
|
|
|
$this->throttler->registerAttempt('sudo', $this->request->getRemoteAddress(), ['user' => $loginName]); |
|
|
|
if ($currentDelay === 0) { |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress()); |
|
|
|
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo'); |
|
|
|
} |
|
|
|
|
|
|
|
return new DataResponse([], Http::STATUS_FORBIDDEN); |