From ba4f12baa02dfb55ec8822687896d643261440c4 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 20 Jul 2016 18:36:15 +0200
Subject: Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
---
 lib/private/legacy/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/private/legacy/api.php')
diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index 024f3c0fb63..88eb7b09a78 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -364,7 +364,7 @@ class OC_API {
 try {
 $loginSuccess = $userSession->tryTokenLogin($request);
 if (!$loginSuccess) {
- $loginSuccess = $userSession->tryBasicAuthLogin($request);
+ $loginSuccess = $userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler());
 }
 } catch (\OC\User\LoginException $e) {
 return false;
-- cgit v1.2.3
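Review bot: Only the basic-auth fallback receives the throttler; `tryTokenLogin($request)` on the context line above is still called without it, so failed token attempts on this API path are, as far as the hunk shows, neither logged nor delayed. If tryTokenLogin does not register failures internally (its body is not visible here), the protected basic-auth path sits next to an unthrottled one, and that should be either covered or explicitly justified. At minimum I would add a comment above the changed call, e.g. `// Failed basic-auth attempts are recorded and delayed per source subnet; token login above is not throttled here.` The enclosing method of OC_API starts and ends outside the hunk, so whether the other callers of tryBasicAuthLogin also pass a throttler cannot be checked from this page.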