fix(middleware): Also abort the request when reaching max delay in afterController

Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/38280/head
Joas Schilling 1 year ago
parent c724d1835e
commit 6ae4876fe9
No known key found for this signature in database
GPG Key ID: 74434EFE0D2E2205

@ -87,8 +87,16 @@ class BruteForceMiddleware extends Middleware {
if ($this->reflector->hasAnnotation('BruteForceProtection') && $response->isThrottled()) {
$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
$ip = $this->request->getRemoteAddress();
$this->throttler->sleepDelay($ip, $action);
$this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
try {
$this->throttler->sleepDelayOrThrowOnMax($ip, $action);
} catch (MaxDelayReached $e) {
if ($controller instanceof OCSController) {
throw new OCSException($e->getMessage(), Http::STATUS_TOO_MANY_REQUESTS);
}
return new TooManyRequestsResponse();
}
}
return parent::afterController($controller, $methodName, $response);
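Review bot: The new `catch (MaxDelayReached $e)` branch in `afterController` is not exercised by any of the test hunks on this page, which only swap the mocked method name from `sleepDelay` to `sleepDelayOrThrowOnMax`. I would add two cases where the throttler mock uses `->willThrowException(new MaxDelayReached())`: one asserting that a plain controller gets a `TooManyRequestsResponse`, and one expecting an `OCSException` with `Http::STATUS_TOO_MANY_REQUESTS` for an `OCSController`. It is also worth confirming that an `OCSException` thrown from `afterController` is still rendered as a 429 to the client, since the dispatcher code that would handle it is not visible here. As the page renders it, `registerAttempt` now runs before the delay check, so a comment such as `// Register the attempt first so it is still counted when the request is aborted below` would keep that ordering from being undone later. The method's signature and closing brace lie outside the hunk.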

@ -126,7 +126,7 @@ class BruteForceMiddlewareTest extends TestCase {
->willReturn('127.0.0.1');
$this->throttler
->expects($this->once())
->method('sleepDelay')
->method('sleepDelayOrThrowOnMax')
->with('127.0.0.1', 'login');
$this->throttler
->expects($this->once())
@ -158,7 +158,7 @@ class BruteForceMiddlewareTest extends TestCase {
->method('getRemoteAddress');
$this->throttler
->expects($this->never())
->method('sleepDelay');
->method('sleepDelayOrThrowOnMax');
$this->throttler
->expects($this->never())
->method('registerAttempt');
@ -182,7 +182,7 @@ class BruteForceMiddlewareTest extends TestCase {
->method('getRemoteAddress');
$this->throttler
->expects($this->never())
->method('sleepDelay');
->method('sleepDelayOrThrowOnMax');
/** @var Controller|\PHPUnit\Framework\MockObject\MockObject $controller */
$controller = $this->createMock(Controller::class);
