Merge pull request #2117 from nextcloud/master-add-bruteforce-check-to-person-endpoint

Add bruteforce checker to Person.php
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2016-11-14 17:18:31 +0100
committer: GitHub <noreply@github.com> 2016-11-14 17:18:31 +0100
commit: 0e60b78378e69ec1dc93e2004bc3ca293a4c0548 (patch)
tree: d7ad024ec950feb1347d9d6de9b7865085d6565a /lib/private
parent: 42d754becd6fd968eebaa68a3f533c4385d2ced6 (diff)
parent: 0d89c1491164a3ee33bd85839eae963d51b45a36 (diff)
download: nextcloud-server-0e60b78378e69ec1dc93e2004bc3ca293a4c0548.tar.gz
nextcloud-server-0e60b78378e69ec1dc93e2004bc3ca293a4c0548.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/private/OCS/Person.php b/lib/private/OCS/Person.php
index bbb4a39e1e8..d14465c5ce9 100644
--- a/lib/private/OCS/Person.php
+++ b/lib/private/OCS/Person.php
@@ -31,10 +31,13 @@ class Person {
 		$login = isset($_POST['login']) ? $_POST['login'] : false;
 		$password = isset($_POST['password']) ? $_POST['password'] : false;
 		if($login && $password) {
+			$remoteIp = \OC::$server->getRequest()->getRemoteAddress();
+			\OC::$server->getBruteForceThrottler()->sleepDelay($remoteIp);
 			if(\OC_User::checkPassword($login, $password)) {
 				$xml['person']['personid'] = $login;
 				return new Result($xml);
 			} else {
+				\OC::$server->getBruteForceThrottler()->registerAttempt('login', $remoteIp);
 				return new Result(null, 102);
 			}
 		} else {
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2016-11-14 17:18:31 +0100
committer	GitHub <noreply@github.com>	2016-11-14 17:18:31 +0100
commit	0e60b78378e69ec1dc93e2004bc3ca293a4c0548 (patch)
tree	d7ad024ec950feb1347d9d6de9b7865085d6565a /lib/private
parent	42d754becd6fd968eebaa68a3f533c4385d2ced6 (diff)
parent	0d89c1491164a3ee33bd85839eae963d51b45a36 (diff)
download	nextcloud-server-0e60b78378e69ec1dc93e2004bc3ca293a4c0548.tar.gz nextcloud-server-0e60b78378e69ec1dc93e2004bc3ca293a4c0548.zip