aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/AppFramework/Middleware/Security/CORSMiddleware.php')
-rw-r--r--lib/private/AppFramework/Middleware/Security/CORSMiddleware.php25
1 files changed, 11 insertions, 14 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index 32a507623e3..04de4bc92d3 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -27,6 +27,7 @@ namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Middleware\Security\Exceptions\SecurityException;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
+use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
@@ -42,33 +43,29 @@ use OCP\IRequest;
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
*/
class CORSMiddleware extends Middleware {
-
- /**
- * @var IRequest
- */
+ /** @var IRequest */
private $request;
-
- /**
- * @var ControllerMethodReflector
- */
+ /** @var ControllerMethodReflector */
private $reflector;
-
- /**
- * @var Session
- */
+ /** @var Session */
private $session;
+ /** @var Throttler */
+ private $throttler;
/**
* @param IRequest $request
* @param ControllerMethodReflector $reflector
* @param Session $session
+ * @param Throttler $throttler
*/
public function __construct(IRequest $request,
ControllerMethodReflector $reflector,
- Session $session) {
+ Session $session,
+ Throttler $throttler) {
$this->request = $request;
$this->reflector = $reflector;
$this->session = $session;
+ $this->throttler = $throttler;
}
/**
@@ -91,7 +88,7 @@ class CORSMiddleware extends Middleware {
$this->session->logout();
try {
- if (!$this->session->logClientIn($user, $pass, $this->request)) {
+ if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
}
} catch (PasswordLoginForbiddenException $ex) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-17 23:15:39 +0000