diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2017-04-13 22:50:44 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-04-13 23:05:33 +0200 |
commit | 8149945a916447b4e7dae8182dbf0c354e7d19e8 (patch) | |
tree | 3217c40a9071b56191bf4dd979900defa4888c5f /lib/public | |
parent | d0c0f6cfc1871c90cd43d3b005206a360b5bb540 (diff) | |
download | nextcloud-server-8149945a916447b4e7dae8182dbf0c354e7d19e8.tar.gz nextcloud-server-8149945a916447b4e7dae8182dbf0c354e7d19e8.zip |
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/public')
-rw-r--r-- | lib/public/AppFramework/Http/Response.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php index 051e68f3144..087522386be 100644 --- a/lib/public/AppFramework/Http/Response.php +++ b/lib/public/AppFramework/Http/Response.php @@ -81,6 +81,8 @@ class Response { /** @var ContentSecurityPolicy|null Used Content-Security-Policy */ private $contentSecurityPolicy = null; + /** @var bool */ + private $throttled = false; /** * Caches the response @@ -322,5 +324,22 @@ class Response { return $this; } + /** + * Marks the response as to throttle. Will be throttled when the + * @BruteForceProtection annotation is added. + * + * @since 12.0.0 + */ + public function throttle() { + $this->throttled = true; + } + /** + * Whether the current response is throttled. + * + * @since 12.0.0 + */ + public function isThrottled() { + return $this->throttled; + } } |