author | Lukas Reschke <lukas@statuscode.ch> | 2017-04-14 13:42:40 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-04-14 13:42:40 +0200 |
commit | 727688ebd9c7cdeea4495e93f11b7f7bef9af109 (patch) | |
tree | 9f04e334eee326ccd0397f73d5e757aeb603de40 /core | |
parent | f40b9fa9bd03b9c9590976eefa21aba7085f32f2 (diff) | |
Adjust existing bruteforce protection code
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/LostController.php | 11 | ||||
-rw-r--r-- | core/Controller/OCSController.php | 14 |
2 files changed, 13 insertions, 12 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 4597124897b..7a2590094b5 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -32,6 +32,7 @@ namespace OC\Core\Controller;
 use OCA\Encryption\Exceptions\PrivateKeyMissingException;
 use \OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
 use \OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Defaults;
@@ -207,17 +208,21 @@ class LostController extends Controller {
 * @BruteForceProtection(action=passwordResetEmail)
 *
 * @param string $user
- * @return array
+ * @return JSONResponse
 */
 public function email($user){
 // FIXME: use HTTP error codes
 try {
 $this->sendEmail($user);
 } catch (\Exception $e){
- return $this->error($e->getMessage());
+ $response = new JSONResponse($this->error($e->getMessage()));
+ $response->throttle();
+ return $response;
 }
- return $this->success();
+ $response = new JSONResponse($this->success());
+ $response->throttle();
+ return $response;
 }
 /**
diff --git a/core/Controller/OCSController.php b/core/Controller/OCSController.php
index 1deb5e958bd..a709ab7b07b 100644
--- a/core/Controller/OCSController.php
+++ b/core/Controller/OCSController.php
@@ -22,7 +22,6 @@ namespace OC\Core\Controller;
 use OC\CapabilitiesManager;
-use OC\Security\Bruteforce\Throttler;
 use OC\Security\IdentityProof\Manager;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
@@ -39,8 +38,6 @@ class OCSController extends \OCP\AppFramework\OCSController {
 private $userManager;
 /** @var Manager */
 private $keyManager;
- /** @var Throttler */
- private $throttler;
 /**
 * OCSController constructor.
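Review bot: In the `@@ -207,17 +208,21 @@` hunk of LostController.php, `email()` still answers with `$this->error($e->getMessage())` on failure and `$this->success()` otherwise, so the response body tells the caller whether the reset mail could be sent for the supplied `$user`; calling `throttle()` on both branches slows repeated requests but does not remove that difference. If `sendEmail()` throws for unknown accounts (its body is outside this diff), I would log the exception server-side and fall through to the single `new JSONResponse($this->success())` / `$response->throttle();` / `return $response;` sequence, which also removes the duplicated three lines. The catch of `\Exception` also forwards the message of any unexpected exception to the client. The docblock of `email()` opens above the hunk, so other annotations on the method are not visible here.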
@@ -50,7 +47,6 @@ class OCSController extends \OCP\AppFramework\OCSController {
 * @param CapabilitiesManager $capabilitiesManager
 * @param IUserSession $userSession
 * @param IUserManager $userManager
- * @param Throttler $throttler
 * @param Manager $keyManager
 */
 public function __construct($appName,
@@ -58,13 +54,11 @@ class OCSController extends \OCP\AppFramework\OCSController {
 CapabilitiesManager $capabilitiesManager,
 IUserSession $userSession,
 IUserManager $userManager,
- Throttler $throttler,
 Manager $keyManager) {
 parent::__construct($appName, $request);
 $this->capabilitiesManager = $capabilitiesManager;
 $this->userSession = $userSession;
 $this->userManager = $userManager;
- $this->throttler = $throttler;
 $this->keyManager = $keyManager;
 }
@@ -107,6 +101,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
 /**
 * @PublicPage
+ * @BruteForceProtection(action=login)
 *
 * @param string $login
 * @param string $password
@@ -114,7 +109,6 @@ class OCSController extends \OCP\AppFramework\OCSController {
 */
 public function personCheck($login = '', $password = '') {
 if ($login !== '' && $password !== '') {
- $this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
 if ($this->userManager->checkPassword($login, $password)) {
 return new DataResponse([
 'person' => [
@@ -122,8 +116,10 @@ class OCSController extends \OCP\AppFramework\OCSController {
 ]
 ]);
 }
- $this->throttler->registerAttempt('login', $this->request->getRemoteAddress());
- return new DataResponse(null, 102);
+
+ $response = new DataResponse(null, 102);
+ $response->throttle();
+ return $response;
 }
 return new DataResponse(null, 101);
 } |
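Review bot: In the `@@ -122,8 +116,10 @@` hunk of OCSController.php, nothing in `personCheck()` now shows where the delay that `sleepDelay()` applied before `checkPassword()` comes from; it depends on the `@BruteForceProtection(action=login)` docblock line added in the `@@ -107,6 +101,7 @@` hunk, and the code that reads that annotation is outside this diff (the diffstat is limited to `core`). Because the protection now lives in a comment, a mistyped annotation or action name would presumably disable it without any error, so I would pin it with a controller test that asserts `$response->isThrottled()` for the 102 result and not for the 101 and success results. A short comment above `$response->throttle();` such as `// Counts as a failed 'login' attempt via @BruteForceProtection` would make the coupling visible to the next reader. `personCheck()` starts in the previous hunk and its success branch is only partly shown.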