-rw-r--r-- | core/Controller/LostController.php | 18 | ||||
-rw-r--r-- | tests/Core/Controller/LostControllerTest.php | 16 |
2 files changed, 20 insertions, 14 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 51ab8d85a6e..127c6310f6b 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -201,7 +201,7 @@ class LostController extends Controller {
 		}
 
 		$user = trim($user);
-
+
 		\OCP\Util::emitHook(
 			'\OCA\Files_Sharing\API\Server2Server',
 			'preLoginNameUsedAsUserName',
@@ -225,8 +225,10 @@ class LostController extends Controller {
 
 	/**
 	 * @PublicPage
+	 * @BruteForceProtection(action=passwordResetEmail)
+	 * @AnonRateThrottle(limit=10, period=300)
 	 */
-	public function setPassword(string $token, string $userId, string $password, bool $proceed): array {
+	public function setPassword(string $token, string $userId, string $password, bool $proceed): JSONResponse {
 		if ($this->encryptionManager->isEnabled() && !$proceed) {
 			$encryptionModules = $this->encryptionManager->getEncryptionModules();
 			foreach ($encryptionModules as $module) {
@@ -234,7 +236,7 @@ class LostController extends Controller {
 				$instance = call_user_func($module['callback']);
 				// this way we can find out whether per-user keys are used or a system wide encryption key
 				if ($instance->needDetailedAccessList()) {
-					return $this->error('', ['encryption' => true]);
+					return new JSONResponse($this->error('', ['encryption' => true]));
 				}
 			}
 		}
@@ -262,12 +264,16 @@ class LostController extends Controller {
 			$this->config->deleteUserValue($userId, 'core', 'lostpassword');
 			@\OC::$server->getUserSession()->unsetMagicInCookie();
 		} catch (HintException $e) {
-			return $this->error($e->getHint());
+			$response = new JSONResponse($this->error($e->getHint()));
+			$response->throttle();
+			return $response;
 		} catch (Exception $e) {
-			return $this->error($e->getMessage());
+			$response = new JSONResponse($this->error($e->getMessage()));
+			$response->throttle();
+			return $response;
 		}
-		return $this->success(['user' => $userId]);
+		return new JSONResponse($this->success(['user' => $userId]));
 	}
 
 	/**
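Review bot: Both catch blocks in the `@@ -262,12 +264,16 @@` hunk call `$response->throttle()` unconditionally, so every HintException or Exception raised in the try body — not only an invalid or expired token — is counted as a brute-force attempt against the calling client. If the user's `setPassword` call inside the try can throw a HintException for a password rejected by policy (the try body is outside the visible hunks, so I cannot confirm this), a legitimate user retrying with a stronger password is throttled exactly like an attacker; the cleaner shape is to throttle only the branch that fails token validation and return the policy hint without `throttle()`. The `Exception` branch still hands `$e->getMessage()` to an anonymous caller, and on a public endpoint a generic error string is safer than raw exception text. `@BruteForceProtection(action=passwordResetEmail)` reuses what reads as the email-request endpoint's action name, so if that endpoint declares the same action the two failure counters merge; a distinct action such as `action=passwordResetSetPassword` would keep the limits independent. The body of `setPassword` starts in the `@@ -225` hunk and the try block opens outside the hunks shown here.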
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index 1481a1e46d4..84ec450943e 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -449,7 +449,7 @@ class LostControllerTest extends TestCase {
 
 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
 		$expectedResponse = ['status' => 'error', 'msg' => ''];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testSetPasswordSuccessful() {
@@ -477,7 +477,7 @@ class LostControllerTest extends TestCase {
 
 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', true);
 		$expectedResponse = ['user' => 'ValidTokenUser', 'status' => 'success'];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testSetPasswordExpiredToken() {
@@ -496,7 +496,7 @@ class LostControllerTest extends TestCase {
 			'status' => 'error',
 			'msg' => 'Could not reset password because the token is expired',
 		];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testSetPasswordInvalidDataInDb() {
@@ -516,7 +516,7 @@ class LostControllerTest extends TestCase {
 			'status' => 'error',
 			'msg' => 'Could not reset password because the token is invalid',
 		];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testIsSetPasswordWithoutTokenFailing() {
@@ -535,7 +535,7 @@ class LostControllerTest extends TestCase {
 			'status' => 'error',
 			'msg' => 'Could not reset password because the token is invalid'
 		];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testSetPasswordForDisabledUser() {
@@ -565,7 +565,7 @@ class LostControllerTest extends TestCase {
 			'status' => 'error',
 			'msg' => 'Could not reset password because the token is invalid'
 		];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testSendEmailNoEmail() {
@@ -601,7 +601,7 @@ class LostControllerTest extends TestCase {
 			}]]);
 		$response = $this->lostController->setPassword('myToken', 'user', 'newpass', false);
 		$expectedResponse = ['status' => 'error', 'msg' => '', 'encryption' => true];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testSetPasswordDontProceedMasterKey() {
@@ -629,7 +629,7 @@ class LostControllerTest extends TestCase {
 
 		$response = $this->lostController->setPassword('TheOnlyAndOnlyOneTokenToResetThePassword', 'ValidTokenUser', 'NewPassword', false);
 		$expectedResponse = ['user' => 'ValidTokenUser', 'status' => 'success'];
-		$this->assertSame($expectedResponse, $response);
+		$this->assertSame($expectedResponse, $response->getData());
 	}
 
 	public function testTwoUsersWithSameEmail() { |
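Review bot: None of the updated assertions checks that the error responses are actually marked for brute-force throttling; every hunk only swaps `$response` for `$response->getData()`, so the behaviour the controller change introduces (throttling on an invalid, expired or disabled-user token) has no test coverage. For the token-failure cases at `@@ -535` and `@@ -565` add a second assertion on the response's throttle flag, e.g. `$this->assertTrue($response->isThrottled());`, assuming the Response class in this tree exposes that accessor; the success case at `@@ -629` should assert the inverse so a regression that throttles successful resets is caught too. These tests continue outside the visible hunks.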