authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2023-12-07 10:29:20 +0100
committerGitHub <noreply@github.com>2023-12-07 10:29:20 +0100
commit24606a9d70cd3926aed5ef50f1df88f7f73627dd (patch)
tree99fe636ff5e9847b8fea3c756a501f02b3e6b7c0
parent13f0badf192abc7861ee686e389ff99169ccd46d (diff)
parent705f2365ac2286b00de5802c2ba536e8617d1e4d (diff)
downloadnextcloud-server-24606a9d70cd3926aed5ef50f1df88f7f73627dd.tar.gz
nextcloud-server-24606a9d70cd3926aed5ef50f1df88f7f73627dd.zip
Merge pull request #42082 from nextcloud/backport/41937/stable28
[stable28] fix(bruteforce-protection): Don't throw a 500 when MaxDelayReached is…
-rw-r--r--index.php17
-rw-r--r--ocs/v1.php4
2 files changed, 21 insertions, 0 deletions
diff --git a/index.php b/index.php
index f57cc03dd5e..235a33c8317 100644
--- a/index.php
+++ b/index.php
@@ -29,6 +29,8 @@
*
*/
require_once __DIR__ . '/lib/versioncheck.php';
+
+use OCP\Security\Bruteforce\MaxDelayReached;
use Psr\Log\LoggerInterface;
try {
@@ -77,6 +79,21 @@ try {
exit();
}
OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage(), 401);
+} catch (MaxDelayReached $ex) {
+ $request = \OC::$server->getRequest();
+ /**
+ * Routes with the @CORS annotation and other API endpoints should
+ * not return a webpage, so we only print the error page when html is accepted,
+ * otherwise we reply with a JSON array like the BruteForceMiddleware would do.
+ */
+ if (stripos($request->getHeader('Accept'), 'html') === false) {
+ http_response_code(429);
+ header('Content-Type: application/json; charset=utf-8');
+ echo json_encode(['message' => $ex->getMessage()]);
+ exit();
+ }
+ http_response_code(429);
+ OC_Template::printGuestPage('core', '429');
} catch (Exception $ex) {
\OC::$server->get(LoggerInterface::class)->error($ex->getMessage(), [
'app' => 'index',
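Review bot: In the new `catch (MaxDelayReached $ex)` branch, `http_response_code(429)` is written twice, once inside the non-HTML `if` and once after it, so a later edit to one path can leave the JSON and HTML replies answering a throttled client with different statuses. Setting it once, directly after the `$request = \OC::$server->getRequest();` line, keeps both paths tied together. The JSON path also echoes `$ex->getMessage()` to a caller that is being rate-limited and may be unauthenticated. The JSON Content-Type rules out HTML injection, but it is worth confirming the message carries nothing internal, and recording that with a comment such as `// sent to unauthenticated clients: keep the message generic`. The `try` block opens outside this hunk and the body of `catch (Exception $ex)` continues past it.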
diff --git a/ocs/v1.php b/ocs/v1.php
index f1f19fb5ee4..55e9f426aba 100644
--- a/ocs/v1.php
+++ b/ocs/v1.php
@@ -41,6 +41,7 @@ if (\OCP\Util::needUpgrade()
exit;
}
+use OCP\Security\Bruteforce\MaxDelayReached;
use Symfony\Component\Routing\Exception\MethodNotAllowedException;
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
@@ -62,6 +63,9 @@ try {
}
OC::$server->get(\OC\Route\Router::class)->match('/ocsapp'.\OC::$server->getRequest()->getRawPathInfo());
+} catch (MaxDelayReached $ex) {
+ $format = \OC::$server->getRequest()->getParam('format', 'xml');
+ OC_API::respond(new \OC\OCS\Result(null, OCP\AppFramework\Http::STATUS_TOO_MANY_REQUESTS, $ex->getMessage()), $format);
} catch (ResourceNotFoundException $e) {
OC_API::setContentType();