summaryrefslogtreecommitdiffstats
path: root/apps/dav/lib/Connector
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2016-07-21 00:31:02 +0200
committerGitHub <noreply@github.com>2016-07-21 00:31:02 +0200
commitc385423d1096c243050fed3585734c308115864b (patch)
tree1002bfc475cd88a7cc495f4ffc23bbd03ec75d39 /apps/dav/lib/Connector
parent020a2a6958e48f7a3a29daa2235f6729980850af (diff)
parentc1589f163c44839fba9b2d3dcfb1e45ee7fa47ef (diff)
downloadnextcloud-server-c385423d1096c243050fed3585734c308115864b.tar.gz
nextcloud-server-c385423d1096c243050fed3585734c308115864b.zip
Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
Diffstat (limited to 'apps/dav/lib/Connector')
-rw-r--r--apps/dav/lib/Connector/Sabre/Auth.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php
index 28e4ae2bcde..3f9e16b04c5 100644
--- a/apps/dav/lib/Connector/Sabre/Auth.php
+++ b/apps/dav/lib/Connector/Sabre/Auth.php
@@ -33,6 +33,7 @@ use Exception;
use OC\AppFramework\Http\Request;
use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden;
use OCP\IRequest;
@@ -58,23 +59,28 @@ class Auth extends AbstractBasic {
private $currentUser;
/** @var Manager */
private $twoFactorManager;
+ /** @var Throttler */
+ private $throttler;
/**
* @param ISession $session
* @param Session $userSession
* @param IRequest $request
* @param Manager $twoFactorManager
+ * @param Throttler $throttler
* @param string $principalPrefix
*/
public function __construct(ISession $session,
Session $userSession,
IRequest $request,
Manager $twoFactorManager,
+ Throttler $throttler,
$principalPrefix = 'principals/users/') {
$this->session = $session;
$this->userSession = $userSession;
$this->twoFactorManager = $twoFactorManager;
$this->request = $request;
+ $this->throttler = $throttler;
$this->principalPrefix = $principalPrefix;
// setup realm
@@ -107,6 +113,7 @@ class Auth extends AbstractBasic {
* @param string $username
* @param string $password
* @return bool
+ * @throws PasswordLoginForbidden
*/
protected function validateUserPass($username, $password) {
if ($this->userSession->isLoggedIn() &&
@@ -118,7 +125,7 @@ class Auth extends AbstractBasic {
} else {
\OC_Util::setupFS(); //login hooks may need early access to the filesystem
try {
- if ($this->userSession->logClientIn($username, $password, $this->request)) {
+ if ($this->userSession->logClientIn($username, $password, $this->request, $this->throttler)) {
\OC_Util::setupFS($this->userSession->getUser()->getUID());
$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
$this->session->close();