Adjust existing bruteforce protection code

- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

1 files changed, 8 insertions, 3 deletions

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 4597124897b..7a2590094b5 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -32,6 +32,7 @@ namespace OC\Core\Controller;
 
 use OCA\Encryption\Exceptions\PrivateKeyMissingException;
 use \OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
 use \OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Defaults;
@@ -207,17 +208,21 @@ class LostController extends Controller {
 	 * @BruteForceProtection(action=passwordResetEmail)
 	 *
 	 * @param string $user
-	 * @return array
+	 * @return JSONResponse
 	 */
 	public function email($user){
 		// FIXME: use HTTP error codes
 		try {
 			$this->sendEmail($user);
 		} catch (\Exception $e){
-			return $this->error($e->getMessage());
+			$response = new JSONResponse($this->error($e->getMessage()));
+			$response->throttle();
+			return $response;
 		}
 
-		return $this->success();
+		$response = new JSONResponse($this->success());
+		$response->throttle();
+		return $response;
 	}
 
 	/**