authorJoas Schilling <coding@schilljs.com>2022-06-13 12:22:18 +0200
committerJoas Schilling <coding@schilljs.com>2022-06-30 16:26:43 +0200
commita05e5f64ec9c14b7c17d3b9683c884b3a8ccdcea (patch)
treed7e93f18e977ed769ddba904085fd94373c1f1a5
parent3a9ed27c1df3ce7c3d0e3a7770f332f0d20a4b43 (diff)
Show warning about the throttling
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--lib/Controller/PageController.php10
-rw-r--r--templates/authenticate.php9
2 files changed, 18 insertions, 1 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index e8d4beeb6..4334211bf 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -25,6 +25,7 @@ declare(strict_types=1);
namespace OCA\Talk\Controller;
+use OC\Security\Bruteforce\Throttler;
use OCA\Talk\AppInfo\Application;
use OCA\Talk\Exceptions\ParticipantNotFoundException;
use OCA\Talk\Exceptions\RoomNotFoundException;
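Review bot: The added import `OC\Security\Bruteforce\Throttler` comes from the server's private `OC\` namespace, so the controller now depends on an internal class that apps get no stability guarantee for. If the minimum supported server version provides the public `OCP\Security\Bruteforce\IThrottler` interface, type-hint that instead: `use OCP\Security\Bruteforce\IThrottler;` and `private IThrottler $throttler;`. If it does not, a one-line comment on the import saying why the private class is used would help the next maintainer.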
@@ -73,6 +74,7 @@ class PageController extends Controller {
private INotificationManager $notificationManager;
private IAppManager $appManager;
private IRootFolder $rootFolder;
+ private Throttler $throttler;
public function __construct(string $appName,
IRequest $request,
@@ -90,6 +92,7 @@ class PageController extends Controller {
IInitialState $initialState,
ICacheFactory $memcacheFactory,
IRootFolder $rootFolder,
+ Throttler $throttler,
Config $talkConfig,
IConfig $serverConfig) {
parent::__construct($appName, $request);
@@ -107,6 +110,7 @@ class PageController extends Controller {
$this->initialState = $initialState;
$this->memcacheFactory = $memcacheFactory;
$this->rootFolder = $rootFolder;
+ $this->throttler = $throttler;
$this->talkConfig = $talkConfig;
$this->serverConfig = $serverConfig;
}
@@ -229,9 +233,12 @@ class PageController extends Controller {
$this->talkSession->setPasswordForRoom($token, $password);
} else {
$this->talkSession->removePasswordForRoom($token);
+ $showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000;
+
if ($passwordVerification['url'] === '') {
$response = new TemplateResponse($this->appName, 'authenticate', [
'wrongpw' => $password !== '',
+ 'showBruteForceWarning' => $showBruteForceWarning,
], 'guest');
} else {
$response = new RedirectResponse($passwordVerification['url']);
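Review bot: The threshold `5000` and the action name `'talkRoomPassword'` are bare literals on the added `getDelay()` line, and the identical line is repeated in the hunk at -314. The action has to match the one the failed attempt is registered under, which is not visible in these hunks; if the two drift apart, `getDelay()` stops reflecting these attempts and the warning silently disappears. I would pull both into class constants, e.g. `private const BRUTEFORCE_ACTION = 'talkRoomPassword';` and `private const BRUTEFORCE_WARNING_DELAY_MS = 5000;`, with a comment that `getDelay()` returns milliseconds. The value is only used in the `TemplateResponse` branch, so the lookup could also move inside `if ($passwordVerification['url'] === '')`. The enclosing methods start and end outside both hunks.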
@@ -314,9 +321,12 @@ class PageController extends Controller {
$this->talkSession->setPasswordForRoom($token, $password);
} else {
$this->talkSession->removePasswordForRoom($token);
+ $showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000;
+
if ($passwordVerification['url'] === '') {
$response = new TemplateResponse($this->appName, 'authenticate', [
'wrongpw' => $password !== '',
+ 'showBruteForceWarning' => $showBruteForceWarning,
], 'guest');
} else {
$response = new RedirectResponse($passwordVerification['url']);
diff --git a/templates/authenticate.php b/templates/authenticate.php
index f62042e1b..ba7d5e7a6 100644
--- a/templates/authenticate.php
+++ b/templates/authenticate.php
@@ -7,7 +7,14 @@ script('core', 'publicshareauth');
<form method="post">
<fieldset class="warning">
<?php if (!$_['wrongpw']) { ?>
- <div class="warning-info"><?php p($l->t('This conversation is password-protected')); ?></div>
+ <div class="warning-info">
+ <?php p($l->t('This conversation is password-protected.')); ?>
+ <?php if ($_['showBruteForceWarning']) { ?>
+ <?php p($l->t('We have detected multiple invalid password attempts from your IP. Therefore your next attempt is throttled up to 30 seconds.')); ?>
+ <?php } ?>
+ </div>
+ <?php } elseif ($_['showBruteForceWarning']) { ?>
+ <div class="warning-info"><?php p($l->t('We have detected multiple invalid password attempts from your IP. Therefore your next attempt is throttled up to 30 seconds.')); ?></div>
<?php } else { ?>
<div class="warning"><?php p($l->t('The password is wrong. Try again.')); ?></div>
<?php } ?>
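Review bot: The throttling message is written out twice in this hunk as the same long literal, with "up to 30 seconds" hard-coded in the text rather than tied to the throttler's actual limit. Assigning it once near the top of the template, e.g. `<?php $throttleMsg = $l->t('We have detected multiple invalid password attempts from your IP. Therefore your next attempt is throttled up to 30 seconds.'); ?>`, and printing it with `p($throttleMsg)` in both places keeps the two copies from diverging. Also note that the new `elseif ($_['showBruteForceWarning'])` branch replaces "The password is wrong. Try again." once the warning is active, so a throttled user is no longer told explicitly that the last password was rejected; if that is intended, a short template comment saying so would help. The surrounding form continues outside the hunk.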