author | Andy Scherzinger <info@andy-scherzinger.de> | 2023-11-30 21:53:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-30 21:53:49 +0100 |
commit | 254914a7358a8dbdfe18580cf876c126383cb4ef (patch) | |
tree | 4c5e6d140d2de92e5443d521c719ff83f6772765 | |
parent | 5a4ac4ae67b4150231be1ada15cd0469fb9c0ad2 (diff) | |
parent | e5e139f5a6f1512a854e44ffd3ba6df788b14d3d (diff) | |
Merge pull request #41937 from nextcloud/bugfix/noid/dont-throw-500-when-max-delay-reached
fix(bruteforce-protection): Don't throw a 500 when MaxDelayReached is…
-rw-r--r-- | index.php | 17 | ||||
-rw-r--r-- | ocs/v1.php | 4 |
2 files changed, 21 insertions, 0 deletions
diff --git a/index.php b/index.php
index f57cc03dd5e..235a33c8317 100644
--- a/index.php
+++ b/index.php
@@ -29,6 +29,8 @@
 *
 */
 require_once __DIR__ . '/lib/versioncheck.php';
+
+use OCP\Security\Bruteforce\MaxDelayReached;
 use Psr\Log\LoggerInterface;
 try {
@@ -77,6 +79,21 @@ try {
 exit();
 }
 OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage(), 401);
+} catch (MaxDelayReached $ex) {
+ $request = \OC::$server->getRequest();
+ /**
+ * Routes with the @CORS annotation and other API endpoints should
+ * not return a webpage, so we only print the error page when html is accepted,
+ * otherwise we reply with a JSON array like the BruteForceMiddleware would do.
+ */
+ if (stripos($request->getHeader('Accept'), 'html') === false) {
+ http_response_code(429);
+ header('Content-Type: application/json; charset=utf-8');
+ echo json_encode(['message' => $ex->getMessage()]);
+ exit();
+ }
+ http_response_code(429);
+ OC_Template::printGuestPage('core', '429');
 } catch (Exception $ex) {
 \OC::$server->get(LoggerInterface::class)->error($ex->getMessage(), [
 'app' => 'index',
diff --git a/ocs/v1.php b/ocs/v1.php
index f1f19fb5ee4..55e9f426aba 100644
--- a/ocs/v1.php
+++ b/ocs/v1.php
@@ -41,6 +41,7 @@ if (\OCP\Util::needUpgrade()
 exit;
 }
+use OCP\Security\Bruteforce\MaxDelayReached;
 use Symfony\Component\Routing\Exception\MethodNotAllowedException;
 use Symfony\Component\Routing\Exception\ResourceNotFoundException;
@@ -62,6 +63,9 @@ try {
 }
 OC::$server->get(\OC\Route\Router::class)->match('/ocsapp'.\OC::$server->getRequest()->getRawPathInfo());
+} catch (MaxDelayReached $ex) {
+ $format = \OC::$server->getRequest()->getParam('format', 'xml');
+ OC_API::respond(new \OC\OCS\Result(null, OCP\AppFramework\Http::STATUS_TOO_MANY_REQUESTS, $ex->getMessage()), $format);
 } catch (ResourceNotFoundException $e) {
 OC_API::setContentType(); |
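Review bot: The new `catch (MaxDelayReached $ex)` branch in index.php sends the 429 without writing any log entry, whereas the `catch (Exception $ex)` branch that follows it logs through `LoggerInterface`; unless the throttler already records this event elsewhere (not visible in this diff), the moment a client hits the maximum delay leaves no trace for detection at this layer. A low-severity line such as `\OC::$server->get(LoggerInterface::class)->info($ex->getMessage(), ['app' => 'index']);` at the top of the branch would keep it visible. As a smaller point, `http_response_code(429);` is repeated in both paths and can be set once before the `if`. The enclosing `try` starts outside the hunk.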
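Review bot: In the new `catch (MaxDelayReached $ex)` branch of ocs/v1.php the 429 is only handed to `OC_API::respond()` inside the `\OC\OCS\Result`, so whether the HTTP status line itself becomes 429 depends on code that is not part of this diff; it is worth confirming for the v1 endpoint, since rate-limit-aware clients and proxies usually key on the HTTP status rather than the OCS meta block. If the status is intentionally carried only in the OCS meta, a comment such as `// OCS v1: the 429 is reported in the OCS meta; OC_API::respond() decides the HTTP status` would record that. For consistency with `\OC\OCS\Result` on the same line, the constant could be written `\OCP\AppFramework\Http::STATUS_TOO_MANY_REQUESTS`. The `try` block begins outside the hunk.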