author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2023-05-16 11:31:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-16 11:31:26 +0200 |
commit | 44d7dbb33d4006a5a4cd0fc2f045ea357942dd25 (patch) | |
tree | db0bef4a8e4fc6e9130c13413dcf33eb947a4418 /lib/private | |
parent | 2812b98957cd7002879619658ceffe6572e1fc7f (diff) | |
parent | 1131e6fabdeb5d14b5afc263644fbe183eba7e33 (diff) | |
download | nextcloud-server-44d7dbb33d4006a5a4cd0fc2f045ea357942dd25.tar.gz nextcloud-server-44d7dbb33d4006a5a4cd0fc2f045ea357942dd25.zip |
Merge pull request #38276 from nextcloud/backport/38274/stable25
[stable25] fix(middleware): Also abort the request when reaching max delay in af…
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
index 069d04a9e75..c36c6412fb7 100644
--- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
@@ -78,8 +78,16 @@ class BruteForceMiddleware extends Middleware {
 if ($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
 $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 $ip = $this->request->getRemoteAddress();
- $this->throttler->sleepDelay($ip, $action);
 $this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
+ try {
+ $this->throttler->sleepDelayOrThrowOnMax($ip, $action);
+ } catch (MaxDelayReached $e) {
+ if ($controller instanceof OCSController) {
+ throw new OCSException($e->getMessage(), Http::STATUS_TOO_MANY_REQUESTS);
+ }
+
+ return new TooManyRequestsResponse();
+ }
 }
 
 return parent::afterController($controller, $methodName, $response); |
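Review bot: The new call order in afterController matters for the protection but is not documented. `registerAttempt()` now runs before `sleepDelayOrThrowOnMax()`, so the failed attempt is still counted when the catch block aborts the request. A comment above it such as `// Register before delaying: the attempt must be recorded even if the max delay aborts the request below` would stop a later refactor from swapping the two calls back. Separately, the OCS branch throws `OCSException` from afterController instead of returning a response, and this hunk does not show how the dispatcher treats an exception raised at that stage. It is worth confirming, ideally with a test for both branches, that OCS clients receive a 429 and not a generic error. The method starts and ends outside the hunk.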