author | Lukas Reschke <lukas@statuscode.ch> | 2016-07-20 23:09:27 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2016-07-20 23:09:27 +0200 |
commit | c1589f163c44839fba9b2d3dcfb1e45ee7fa47ef (patch) | |
tree | 0f460493ed97959e22f9b1713a641c22cf088ba0 /core/Controller | |
parent | adf67fac9632788a86d710fc8fbdb76f041b434f (diff) | |
download | nextcloud-server-c1589f163c44839fba9b2d3dcfb1e45ee7fa47ef.tar.gz nextcloud-server-c1589f163c44839fba9b2d3dcfb1e45ee7fa47ef.zip |
Mitigate race condition
Diffstat (limited to 'core/Controller')
-rw-r--r-- | core/Controller/LoginController.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index c453bd20a23..66bb13dbb54 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -178,6 +178,7 @@ class LoginController extends Controller {
 * @return RedirectResponse
 */
 public function tryLogin($user, $password, $redirect_url) {
+ $currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
 $this->throttler->sleepDelay($this->request->getRemoteAddress());
 $originalUser = $user;
@@ -194,7 +195,9 @@ class LoginController extends Controller {
 }
 if ($loginResult === false) {
 $this->throttler->registerAttempt('login', $this->request->getRemoteAddress(), ['user' => $originalUser]);
-
+ if($currentDelay === 0) {
+ $this->throttler->sleepDelay($this->request->getRemoteAddress());
+ }
 $this->session->set('loginMessages', [
 ['invalidpassword']
 ]); |
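Review bot: The new `$currentDelay` assignment at the top of tryLogin has no comment explaining why the delay is read before `sleepDelay()` runs, and the reason only becomes visible in the later hunk. I would add `// Delay seen on entry; 0 means no failed attempt was recorded yet, so a failure below must be throttled after the fact.` above it. The expression `$this->request->getRemoteAddress()` now appears on two adjacent lines here and twice more in the failure branch, so assigning it once with `$ip = $this->request->getRemoteAddress();` would keep every throttler call on the same value. tryLogin's body continues outside the hunk.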
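Review bot: The extra sleep after `registerAttempt()` is gated on `$currentDelay === 0`, so it only covers requests that arrive before any failed attempt is stored; concurrent requests that all read the same small non-zero delay on entry still pay only that stale value. As far as this hunk shows, the credential check has already run by the time the sleep happens, so it slows the responses without serialising the checks themselves, which would need a per-address lock or atomic counter elsewhere. One wider guard to consider is `if ($this->throttler->getDelay($this->request->getRemoteAddress()) > $currentDelay) {`, at the cost of a longer wait on every failure. The strict `=== 0` also relies on getDelay() returning an integer zero, which is not visible on this page and should be confirmed, since a float or string zero would silently skip the mitigation. The enclosing `if ($loginResult === false)` block continues outside the hunk.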