authorLukas Reschke <lukas@statuscode.ch>2017-04-14 13:42:40 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-04-14 13:42:40 +0200
commit727688ebd9c7cdeea4495e93f11b7f7bef9af109 (patch)
tree9f04e334eee326ccd0397f73d5e757aeb603de40 /core
parentf40b9fa9bd03b9c9590976eefa21aba7085f32f2 (diff)
Adjust existing bruteforce protection code
- Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'core')
-rw-r--r--core/Controller/LostController.php11
-rw-r--r--core/Controller/OCSController.php14
2 files changed, 13 insertions, 12 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 4597124897b..7a2590094b5 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -32,6 +32,7 @@ namespace OC\Core\Controller;
use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use \OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
use \OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Defaults;
@@ -207,17 +208,21 @@ class LostController extends Controller {
* @BruteForceProtection(action=passwordResetEmail)
*
* @param string $user
- * @return array
+ * @return JSONResponse
*/
public function email($user){
// FIXME: use HTTP error codes
try {
$this->sendEmail($user);
} catch (\Exception $e){
- return $this->error($e->getMessage());
+ $response = new JSONResponse($this->error($e->getMessage()));
+ $response->throttle();
+ return $response;
}
- return $this->success();
+ $response = new JSONResponse($this->success());
+ $response->throttle();
+ return $response;
}
/**
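Review bot: `throttle()` is called on the success branch of `email()` as well as in the `catch`, so a legitimate reset request is flagged the same way as a failed one, and nothing in the code says whether that is intended. If it is deliberate, a comment should record the reason, for example `// Throttle on success too: each request triggers a reset mail`. Separately, the `catch (\Exception $e)` branch still puts `$e->getMessage()` into the JSON body, which lets a caller tell failure causes apart and may expose internal error text. A fixed generic message, with the detail logged server-side, would avoid that. The docblock of `email()` starts outside the hunk.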
diff --git a/core/Controller/OCSController.php b/core/Controller/OCSController.php
index 1deb5e958bd..a709ab7b07b 100644
--- a/core/Controller/OCSController.php
+++ b/core/Controller/OCSController.php
@@ -22,7 +22,6 @@
namespace OC\Core\Controller;
use OC\CapabilitiesManager;
-use OC\Security\Bruteforce\Throttler;
use OC\Security\IdentityProof\Manager;
use OCP\AppFramework\Http\DataResponse;
use OCP\IRequest;
@@ -39,8 +38,6 @@ class OCSController extends \OCP\AppFramework\OCSController {
private $userManager;
/** @var Manager */
private $keyManager;
- /** @var Throttler */
- private $throttler;
/**
* OCSController constructor.
@@ -50,7 +47,6 @@ class OCSController extends \OCP\AppFramework\OCSController {
* @param CapabilitiesManager $capabilitiesManager
* @param IUserSession $userSession
* @param IUserManager $userManager
- * @param Throttler $throttler
* @param Manager $keyManager
*/
public function __construct($appName,
@@ -58,13 +54,11 @@ class OCSController extends \OCP\AppFramework\OCSController {
CapabilitiesManager $capabilitiesManager,
IUserSession $userSession,
IUserManager $userManager,
- Throttler $throttler,
Manager $keyManager) {
parent::__construct($appName, $request);
$this->capabilitiesManager = $capabilitiesManager;
$this->userSession = $userSession;
$this->userManager = $userManager;
- $this->throttler = $throttler;
$this->keyManager = $keyManager;
}
@@ -107,6 +101,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
/**
* @PublicPage
+ * @BruteForceProtection(action=login)
*
* @param string $login
* @param string $password
@@ -114,7 +109,6 @@ class OCSController extends \OCP\AppFramework\OCSController {
*/
public function personCheck($login = '', $password = '') {
if ($login !== '' && $password !== '') {
- $this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
if ($this->userManager->checkPassword($login, $password)) {
return new DataResponse([
'person' => [
@@ -122,8 +116,10 @@ class OCSController extends \OCP\AppFramework\OCSController {
]
]);
}
- $this->throttler->registerAttempt('login', $this->request->getRemoteAddress());
- return new DataResponse(null, 102);
+
+ $response = new DataResponse(null, 102);
+ $response->throttle();
+ return $response;
}
return new DataResponse(null, 101);
}
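Review bot: The failed-login branch of `personCheck()` now only flags the response with `throttle()`, so the delay and attempt registration that the removed `sleepDelay()` and `registerAttempt()` calls performed inline depend entirely on whatever processes the `@BruteForceProtection(action=login)` annotation added earlier in this file. That processing is not visible in this diff. A controller test asserting `$response->isThrottled()` on the 102 path, and not on the success or 101 paths, would pin the intended behaviour. A short comment above the new lines would also help, for example `// Only a failed password check counts as a brute-force attempt`. The body of `personCheck()` starts outside this hunk.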