From 727688ebd9c7cdeea4495e93f11b7f7bef9af109 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Fri, 14 Apr 2017 13:42:40 +0200
Subject: Adjust existing bruteforce protection code

- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 core/Controller/LostController.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'core/Controller/LostController.php')

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 4597124897b..7a2590094b5 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -32,6 +32,7 @@ namespace OC\Core\Controller;
 
 use OCA\Encryption\Exceptions\PrivateKeyMissingException;
 use \OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
 use \OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Defaults;
@@ -207,17 +208,21 @@ class LostController extends Controller {
 	 * @BruteForceProtection(action=passwordResetEmail)
 	 *
 	 * @param string $user
-	 * @return array
+	 * @return JSONResponse
 	 */
 	public function email($user){
 		// FIXME: use HTTP error codes
 		try {
 			$this->sendEmail($user);
 		} catch (\Exception $e){
-			return $this->error($e->getMessage());
+			$response = new JSONResponse($this->error($e->getMessage()));
+			$response->throttle();
+			return $response;
 		}
 
-		return $this->success();
+		$response = new JSONResponse($this->success());
+		$response->throttle();
+		return $response;
 	}
 
 	/**
-- 
cgit v1.2.3