authorJoas Schilling <coding@schilljs.com>2023-11-30 12:52:35 +0100
committerJoas Schilling <coding@schilljs.com>2023-11-30 15:01:27 +0100
commite5e139f5a6f1512a854e44ffd3ba6df788b14d3d (patch)
treeb2b39479386be74493da4b4ae4429881e736e8e5 /index.php
parentef3b1a86ebac1b116740a815d2b8ebace53b3980 (diff)
fix(bruteforce-protection): Don't throw a 500 when MaxDelayReached is thrown
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'index.php')
-rw-r--r--index.php17
1 files changed, 17 insertions, 0 deletions
diff --git a/index.php b/index.php
index f57cc03dd5e..235a33c8317 100644
--- a/index.php
+++ b/index.php
@@ -29,6 +29,8 @@
*
*/
require_once __DIR__ . '/lib/versioncheck.php';
+
+use OCP\Security\Bruteforce\MaxDelayReached;
use Psr\Log\LoggerInterface;
try {
@@ -77,6 +79,21 @@ try {
exit();
}
OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage(), 401);
+} catch (MaxDelayReached $ex) {
+ $request = \OC::$server->getRequest();
+ /**
+ * Routes with the @CORS annotation and other API endpoints should
+ * not return a webpage, so we only print the error page when html is accepted,
+ * otherwise we reply with a JSON array like the BruteForceMiddleware would do.
+ */
+ if (stripos($request->getHeader('Accept'), 'html') === false) {
+ http_response_code(429);
+ header('Content-Type: application/json; charset=utf-8');
+ echo json_encode(['message' => $ex->getMessage()]);
+ exit();
+ }
+ http_response_code(429);
+ OC_Template::printGuestPage('core', '429');
} catch (Exception $ex) {
\OC::$server->get(LoggerInterface::class)->error($ex->getMessage(), [
'app' => 'index',
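Review bot: The new `catch (MaxDelayReached $ex)` branch answers with 429 but records nothing, so a client that has hit the maximum brute-force delay leaves no trace from this entry point unless the throttler already logs where it throws, which is not visible in this hunk. If it does not, a line such as `\OC::$server->get(LoggerInterface::class)->warning($ex->getMessage(), ['app' => 'index']);` at the top of the branch would keep the event available for detection, using the same logger call as the generic `catch (Exception $ex)` below it. Separately, `http_response_code(429);` is written in both paths and could be set once before the `if`. The generic catch block continues past the end of the hunk.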