summaryrefslogtreecommitdiffstats
path: root/lib/public
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2017-04-13 22:50:44 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-04-13 23:05:33 +0200
commit8149945a916447b4e7dae8182dbf0c354e7d19e8 (patch)
tree3217c40a9071b56191bf4dd979900defa4888c5f /lib/public
parentd0c0f6cfc1871c90cd43d3b005206a360b5bb540 (diff)
downloadnextcloud-server-8149945a916447b4e7dae8182dbf0c354e7d19e8.tar.gz
nextcloud-server-8149945a916447b4e7dae8182dbf0c354e7d19e8.zip
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/public')
-rw-r--r--lib/public/AppFramework/Http/Response.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php
index 051e68f3144..087522386be 100644
--- a/lib/public/AppFramework/Http/Response.php
+++ b/lib/public/AppFramework/Http/Response.php
@@ -81,6 +81,8 @@ class Response {
/** @var ContentSecurityPolicy|null Used Content-Security-Policy */
private $contentSecurityPolicy = null;
+ /** @var bool */
+ private $throttled = false;
/**
* Caches the response
@@ -322,5 +324,22 @@ class Response {
return $this;
}
+ /**
+ * Marks the response as to throttle. Will be throttled when the
+ * @BruteForceProtection annotation is added.
+ *
+ * @since 12.0.0
+ */
+ public function throttle() {
+ $this->throttled = true;
+ }
+ /**
+ * Whether the current response is throttled.
+ *
+ * @since 12.0.0
+ */
+ public function isThrottled() {
+ return $this->throttled;
+ }
}