author | Joas Schilling <coding@schilljs.com> | 2023-05-11 09:23:50 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-05-15 16:25:39 +0200 |
commit | 1131e6fabdeb5d14b5afc263644fbe183eba7e33 (patch) | |
tree | f7e1e6a51a7e974ddb9e107c4044cdc297258e2b /lib/private | |
parent | dee180409b9b245ce9bdc78e1aacdfb85ae7055d (diff) | |
download | nextcloud-server-1131e6fabdeb5d14b5afc263644fbe183eba7e33.tar.gz nextcloud-server-1131e6fabdeb5d14b5afc263644fbe183eba7e33.zip |
fix(middleware): Also abort the request when reaching max delay in afterController
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
index 069d04a9e75..c36c6412fb7 100644
--- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
@@ -78,8 +78,16 @@ class BruteForceMiddleware extends Middleware {
 if ($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
 $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 $ip = $this->request->getRemoteAddress();
- $this->throttler->sleepDelay($ip, $action);
 $this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
+ try {
+ $this->throttler->sleepDelayOrThrowOnMax($ip, $action);
+ } catch (MaxDelayReached $e) {
+ if ($controller instanceof OCSController) {
+ throw new OCSException($e->getMessage(), Http::STATUS_TOO_MANY_REQUESTS);
+ }
+
+ return new TooManyRequestsResponse();
+ }
 }

 return parent::afterController($controller, $methodName, $response); |
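Review bot: The move of `registerAttempt()` ahead of the delay call is load-bearing but undocumented: with the old order, a `MaxDelayReached` abort would leave before the failed attempt was recorded. A one-line comment above the call, e.g. `// Register before sleeping: the attempt must be counted even when the max delay aborts the request`, would keep a later cleanup from swapping the two lines back. In the catch block, the OCS branch throws out of `afterController`; whether that exception is still rendered as an OCS-formatted 429 depends on dispatcher code outside this hunk, so a test for a throttled OCS response at max delay would be worth adding. The method starts and ends outside the hunk.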