From 9b6538ca1a2246aac094cc5290fac4f8b280bcf6 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 10 Aug 2023 12:01:22 +0200
Subject: [PATCH] fix(bruteforce): Fix resetting the bruteforce protection

Since the metadata field was extended to track the password and token separately the metadata comparison on the reset did not match anymore.

Signed-off-by: Joas Schilling
---
 lib/Controller/PageController.php | 4 ++--
 lib/Controller/RoomController.php | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index e2fa2432086..9c32adc0fb8 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -209,7 +209,7 @@ public function index(string $token = '', string $callUser = '', string $passwor
 if ($passwordVerification['result']) {
 $this->talkSession->renewSessionId();
 $this->talkSession->setPasswordForRoom($token, $password);
- $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token]);
+ $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']);
 } else {
 $this->talkSession->removePasswordForRoom($token);
 $showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000;
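Review bot: The throttle metadata `['token' => $token, 'action' => 'talkRoomPassword']` is now spelled out by hand at every reset site and has to stay identical to the array handed to the matching `throttle()` registration, which is exactly the kind of drift this commit is repairing. Building the array in one place, e.g. `private function throttleMetadata(string $action, string $token): array { return ['token' => $token, 'action' => $action]; }` and calling `$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', $this->throttleMetadata('talkRoomPassword', $token));`, keeps the action name and its metadata from disagreeing again. The same duplication appears in the `guestEnterRoom` hunk below and in the two new reset lines in `RoomController::joinRoom`. `index()` starts before and continues after this hunk.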
@@ -352,7 +352,7 @@ protected function guestEnterRoom(string $token, string $password): Response {
 if ($passwordVerification['result']) {
 $this->talkSession->renewSessionId();
 $this->talkSession->setPasswordForRoom($token, $password);
- $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token]);
+ $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']);
 } else {
 $this->talkSession->removePasswordForRoom($token);
 $showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000;
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index 3eef339dfbe..39475ba62f7 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -1154,7 +1154,8 @@ public function joinRoom(string $token, string $password = '', bool $force = tru
 } else {
 $participant = $this->participantService->joinRoomAsNewGuest($this->roomService, $room, $password, $result['result'], $previousParticipant);
 }
- $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token]);
+ $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']);
+ $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token, 'action' => 'talkRoomToken']);
 } catch (InvalidPasswordException $e) {
 $response = new DataResponse([], Http::STATUS_FORBIDDEN);
 $response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
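Review bot: The new `'talkRoomPassword'` reset in `joinRoom` is a behaviour change the commit message does not mention — before this change the method only cleared the `'talkRoomToken'` attempts — and nothing at the call site says why the metadata has to take this exact shape. A short comment above the two reset lines would anchor it, e.g. `// Must equal the array registered with $response->throttle() in the catch blocks below: the reset compares this metadata against the stored attempts.` The `throttle()` registration for `'talkRoomToken'` is not visible in this hunk, so its metadata should be checked against the second new line the same way. `joinRoom()` begins and ends outside the hunk.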