Add metadata to \OCP\AppFramework\Http\Response::throttle

Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

2 files changed, 16 insertions, 2 deletions

diff --git a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
index b361f453bdb..75cf40b0ace 100644
--- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
@@ -75,7 +75,7 @@ class BruteForceMiddleware extends Middleware {
 			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 			$ip = $this->request->getRemoteAddress();
 			$this->throttler->sleepDelay($ip, $action);
-			$this->throttler->registerAttempt($action, $ip);
+			$this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
 		}
 
 		return parent::afterController($controller, $methodName, $response);
diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php
index 087522386be..4e79e20a73f 100644
--- a/lib/public/AppFramework/Http/Response.php
+++ b/lib/public/AppFramework/Http/Response.php
@@ -83,6 +83,8 @@ class Response {
 
 	/** @var bool */
 	private $throttled = false;
+	/** @var array */
+	private $throttleMetadata = [];
 
 	/**
 	 * Caches the response
@@ -328,10 +330,22 @@ class Response {
 	 * Marks the response as to throttle. Will be throttled when the
 	 * @BruteForceProtection annotation is added.
 	 *
+	 * @param array $metadata
 	 * @since 12.0.0
 	 */
-	public function throttle() {
+	public function throttle(array $metadata = []) {
 		$this->throttled = true;
+		$this->throttleMetadata = $metadata;
+	}
+
+	/**
+	 * Returns the throttle metadata, defaults to empty array
+	 *
+	 * @return array
+	 * @since 13.0.0
+	 */
+	public function getThrottleMetadata() {
+		return $this->throttleMetadata;
 	}
 
 	/**