Merge pull request #10163 from nextcloud/bugfix/noid/fix-bfp-reset
fix(bruteforce): Fix resetting the bruteforce protection
nickvergessen authored Aug 10, 2023
2 parents 0784176 + 9b6538c commit 922691d
Showing 2 changed files with 4 additions and 3 deletions.
4 changes: 2 additions & 2 deletions lib/Controller/PageController.php
Expand Up @@ -209,7 +209,7 @@ public function index(string $token = '', string $callUser = '', string $passwor
if ($passwordVerification['result']) {
$this->talkSession->renewSessionId();
$this->talkSession->setPasswordForRoom($token, $password);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token]);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']);
} else {
$this->talkSession->removePasswordForRoom($token);
$showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000;
Expand Down Expand Up @@ -352,7 +352,7 @@ protected function guestEnterRoom(string $token, string $password): Response {
if ($passwordVerification['result']) {
$this->talkSession->renewSessionId();
$this->talkSession->setPasswordForRoom($token, $password);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token]);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']);
} else {
$this->talkSession->removePasswordForRoom($token);
$showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000;
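Review bot: The metadata array `['token' => $token, 'action' => 'talkRoomPassword']` is now written out by hand in both `index()` and `guestEnterRoom()`, and again in `RoomController::joinRoom()`, with nothing tying it to the array that the failure path hands to the throttler. Judging by the commit title, a reset whose metadata differs from what was recorded clears nothing and raises no error, so the next drift would again leave legitimate users throttled after a correct password. Consider a single private helper such as `private function passwordThrottleMetadata(string $token): array { return ['token' => $token, 'action' => 'talkRoomPassword']; }`, used by both the reset and the code that registers the failed attempt. The registering call for this controller and the rest of both method bodies are outside the hunks, so the match cannot be confirmed from here.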
3 changes: 2 additions & 1 deletion lib/Controller/RoomController.php
Expand Up @@ -1154,7 +1154,8 @@ public function joinRoom(string $token, string $password = '', bool $force = tru
} else {
$participant = $this->participantService->joinRoomAsNewGuest($this->roomService, $room, $password, $result['result'], $previousParticipant);
}
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token]);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token, 'action' => 'talkRoomToken']);
} catch (InvalidPasswordException $e) {
$response = new DataResponse([], Http::STATUS_FORBIDDEN);
$response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
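Review bot: Neither the added `talkRoomPassword` reset nor the corrected `talkRoomToken` reset is covered by a test in this commit, which changes only the two controllers, so a silent metadata mismatch could return unnoticed. The password reset matches the `throttle()` call in the `InvalidPasswordException` branch just below, but the place where `talkRoomToken` attempts are recorded is outside the hunk and that pairing should be checked by hand. A regression test that records one failed attempt per action, performs a successful join and asserts that `getDelay()` reports no remaining delay for either action would pin the behaviour. A comment above the two calls, for example `// Metadata must equal what throttle() recorded, otherwise the reset matches nothing`, would document the constraint. `joinRoom()` starts and ends outside the hunk.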