author | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-06-12 11:46:12 +0200 |
---|---|---|
committer | Daniel <mail@danielkesselberg.de> | 2024-06-12 19:35:45 +0200 |
commit | 01a6c9119e100d2802a089fafd90cc9bf7802158 (patch) | |
tree | 60ee73c7baeafb23ed83adbebf8c86b1e298b431 /core | |
parent | 82ee83a4649b457fa13545042a9e0e096bbfeee8 (diff) | |
test: add tests for ProfilePageController
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/ProfilePageController.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/core/Controller/ProfilePageController.php b/core/Controller/ProfilePageController.php
index eb5b0aa4c0a..eb4b1c78105 100644
--- a/core/Controller/ProfilePageController.php
+++ b/core/Controller/ProfilePageController.php
@@ -29,13 +29,15 @@ namespace OC\Core\Controller;
 use OC\Profile\ProfileManager;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\INavigationManager;
 use OCP\IRequest;
-use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Profile\BeforeTemplateRenderedEvent;
@@ -65,6 +67,9 @@ class ProfilePageController extends Controller {
 * @NoAdminRequired
 * @NoSubAdminRequired
 */
+ #[BruteForceProtection(action: 'user')]
+ #[UserRateLimit(limit: 30, period: 120)]
+ #[AnonRateLimit(limit: 30, period: 120)]
 public function index(string $targetUserId): TemplateResponse {
 $profileNotFoundTemplate = new TemplateResponse(
 'core',
@@ -74,7 +79,11 @@ class ProfilePageController extends Controller {
 );
 $targetUser = $this->userManager->get($targetUserId);
- if (!($targetUser instanceof IUser) || !$targetUser->isEnabled()) {
+ if ($targetUser === null) {
+ $profileNotFoundTemplate->throttle();
+ return $profileNotFoundTemplate;
+ }
+ if (!$targetUser->isEnabled()) {
 return $profileNotFoundTemplate;
 }
 $visitingUser = $this->userSession->getUser(); |
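Review bot: The three throttling attributes on `index()` are added with no comment on what they protect, and the docblock above them (it starts outside the hunk) still lists only the access annotations. Presumably the intent is to slow down guessing of user ids through the profile page; a docblock line such as `* Lookups of unknown user ids are throttled (brute-force action 'user').` would record that. The two rate limits repeat the same literals `limit: 30, period: 120`; if they are meant to stay equal, say so in the same comment so one is not tuned without the other.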
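Review bot: Only the `$targetUser === null` branch calls `throttle()`; the `!$targetUser->isEnabled()` branch directly below returns the same not-found template without registering an attempt. Requests for disabled accounts are therefore never counted, and the throttling behaviour differs between a missing and a disabled account even though the rendered page is the same for both. Consider adding `$profileNotFoundTemplate->throttle();` before the second `return $profileNotFoundTemplate;` as well. `index()` continues past the hunk, so any later not-found returns should be checked for the same gap.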