diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-07-21 00:31:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-21 00:31:02 +0200 |
| commit | c385423d1096c243050fed3585734c308115864b (patch) | |
| tree | 1002bfc475cd88a7cc495f4ffc23bbd03ec75d39 /lib/private/AppFramework | |
| parent | 020a2a6958e48f7a3a29daa2235f6729980850af (diff) | |
| parent | c1589f163c44839fba9b2d3dcfb1e45ee7fa47ef (diff) | |
| download | nextcloud-server-c385423d1096c243050fed3585734c308115864b.tar.gz nextcloud-server-c385423d1096c243050fed3585734c308115864b.zip | |
Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
Diffstat (limited to 'lib/private/AppFramework')
| -rw-r--r-- | lib/private/AppFramework/DependencyInjection/DIContainer.php | 3 | ||||
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/CORSMiddleware.php | 25 |
2 files changed, 13 insertions, 15 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index 32a85606abf..893d6cb9aa6 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -352,7 +352,8 @@ class DIContainer extends SimpleContainer implements IAppContainer { return new CORSMiddleware( $c['Request'], $c['ControllerMethodReflector'], - $c['OCP\IUserSession'] + $c['OCP\IUserSession'], + $c->getServer()->getBruteForceThrottler() ); }); diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php index 32a507623e3..04de4bc92d3 100644 --- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php @@ -27,6 +27,7 @@ namespace OC\AppFramework\Middleware\Security; use OC\AppFramework\Middleware\Security\Exceptions\SecurityException; use OC\AppFramework\Utility\ControllerMethodReflector; use OC\Authentication\Exceptions\PasswordLoginForbiddenException; +use OC\Security\Bruteforce\Throttler; use OC\User\Session; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; @@ -42,33 +43,29 @@ use OCP\IRequest; * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS */ class CORSMiddleware extends Middleware { - - /** - * @var IRequest - */ + /** @var IRequest */ private $request; - - /** - * @var ControllerMethodReflector - */ + /** @var ControllerMethodReflector */ private $reflector; - - /** - * @var Session - */ + /** @var Session */ private $session; + /** @var Throttler */ + private $throttler; /** * @param IRequest $request * @param ControllerMethodReflector $reflector * @param Session $session + * @param Throttler $throttler */ public function __construct(IRequest $request, ControllerMethodReflector $reflector, - Session $session) { + Session $session, + Throttler $throttler) { $this->request = $request; $this->reflector = $reflector; $this->session = $session; + $this->throttler = $throttler; } /** @@ -91,7 +88,7 @@ class CORSMiddleware extends Middleware { $this->session->logout(); try { - if (!$this->session->logClientIn($user, $pass, $this->request)) { + if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); } } catch (PasswordLoginForbiddenException $ex) { |