Implement brute force protection

Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
author: Lukas Reschke <lukas@statuscode.ch> 2016-07-20 18:36:15 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2016-07-20 22:08:56 +0200
commit: ba4f12baa02dfb55ec8822687896d643261440c4 (patch)
tree: 5dc95ab54a2ae169951693a43ba7aa6920d6f36a /lib/private/legacy/api.php
parent: 7cdf6402ff9a0e07866ca8bcfcffd0e0897b646a (diff)
download: nextcloud-server-ba4f12baa02dfb55ec8822687896d643261440c4.tar.gz
nextcloud-server-ba4f12baa02dfb55ec8822687896d643261440c4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index 024f3c0fb63..88eb7b09a78 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -364,7 +364,7 @@ class OC_API {
 		try {
 			$loginSuccess = $userSession->tryTokenLogin($request);
 			if (!$loginSuccess) {
-				$loginSuccess = $userSession->tryBasicAuthLogin($request);
+				$loginSuccess = $userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler());
 			}
 		} catch (\OC\User\LoginException $e) {
 			return false;
author	Lukas Reschke <lukas@statuscode.ch>	2016-07-20 18:36:15 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2016-07-20 22:08:56 +0200
commit	ba4f12baa02dfb55ec8822687896d643261440c4 (patch)
tree	5dc95ab54a2ae169951693a43ba7aa6920d6f36a /lib/private/legacy/api.php
parent	7cdf6402ff9a0e07866ca8bcfcffd0e0897b646a (diff)
download	nextcloud-server-ba4f12baa02dfb55ec8822687896d643261440c4.tar.gz nextcloud-server-ba4f12baa02dfb55ec8822687896d643261440c4.zip