authorJoas Schilling <coding@schilljs.com>2023-04-24 13:00:44 +0200
committerJoas Schilling <coding@schilljs.com>2023-04-24 13:00:44 +0200
commite5693a79038d26426a66416b73340c1646737ce7 (patch)
tree7e3e34ecdfba3d0d4198e41215369665cd7f7cdf
parenta51ebee5a24619c15981a0b6abd08f790ad659df (diff)
fix(controllers): Always specify the bruteforced action
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--lib/Controller/FilesIntegrationController.php2
-rw-r--r--lib/Controller/PageController.php10
-rw-r--r--lib/Controller/RecordingController.php4
-rw-r--r--lib/Controller/RoomController.php15
-rw-r--r--lib/Controller/SignalingController.php2
5 files changed, 17 insertions, 16 deletions
diff --git a/lib/Controller/FilesIntegrationController.php b/lib/Controller/FilesIntegrationController.php
index ba011c635..0b47254e0 100644
--- a/lib/Controller/FilesIntegrationController.php
+++ b/lib/Controller/FilesIntegrationController.php
@@ -197,7 +197,7 @@ class FilesIntegrationController extends OCSController {
}
} catch (ShareNotFound $e) {
$response = new DataResponse([], Http::STATUS_NOT_FOUND);
- $response->throttle(['token' => $shareToken]);
+ $response->throttle(['token' => $shareToken, 'action' => 'shareinfo']);
return $response;
}
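Review bot: The new `'action' => 'shareinfo'` is a free-form string that has to equal the action declared in the method's `#[BruteForceProtection]` attribute, which lies outside this hunk and is not cross-checked anywhere in the diff. If the middleware selects the attribute to register against by comparing this key, a typo or a later rename of either side would make every failed share lookup skip the attempt registration without any error, i.e. silently switch off throttling for this endpoint. Consider declaring the name once, e.g. `private const BRUTEFORCE_ACTION = 'shareinfo';`, referencing it from both the attribute argument and the `throttle()` call, and adding a controller test that asserts `$response->getThrottleMetadata()['action']` equals the attribute's action. The same remark applies to every other `throttle()` call in this commit (PageController, RecordingController, RoomController, SignalingController).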
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 1efe8c198..3c5781587 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -258,7 +258,7 @@ class PageController extends Controller {
$response = new RedirectResponse($passwordVerification['url']);
}
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
return $response;
}
}
@@ -302,7 +302,7 @@ class PageController extends Controller {
$response->setContentSecurityPolicy($csp);
if ($throttle) {
// Logged-in user tried to access a chat they can not access
- $response->throttle(['token' => $bruteForceToken]);
+ $response->throttle(['token' => $bruteForceToken, 'action' => 'talkRoomToken']);
}
return $response;
}
@@ -320,7 +320,7 @@ class PageController extends Controller {
$room = $this->manager->getRoomByToken($token);
} catch (RoomNotFoundException $e) {
$response = new NotFoundResponse();
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
return $response;
}
@@ -377,7 +377,7 @@ class PageController extends Controller {
$response = new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [
'redirect_url' => $redirectUrl,
]));
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
return $response;
}
@@ -401,7 +401,7 @@ class PageController extends Controller {
} else {
$response = new RedirectResponse($passwordVerification['url']);
}
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
return $response;
}
}
diff --git a/lib/Controller/RecordingController.php b/lib/Controller/RecordingController.php
index b016e00c4..f4ab1a6b3 100644
--- a/lib/Controller/RecordingController.php
+++ b/lib/Controller/RecordingController.php
@@ -147,7 +147,7 @@ class RecordingController extends AEnvironmentAwareController {
'message' => 'The request could not be authenticated.',
],
], Http::STATUS_FORBIDDEN);
- $response->throttle();
+ $response->throttle(['action' => 'talkRecordingSecret']);
return $response;
}
@@ -305,7 +305,7 @@ class RecordingController extends AEnvironmentAwareController {
'message' => 'The request could not be authenticated.',
],
], Http::STATUS_UNAUTHORIZED);
- $response->throttle();
+ $response->throttle(['action' => 'talkRecordingSecret']);
return $response;
}
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index c8121437e..23e7953ff 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -366,7 +366,7 @@ class RoomController extends AEnvironmentAwareController {
return new DataResponse($this->formatRoom($room, $participant, $statuses, $isSIPBridgeRequest), Http::STATUS_OK, $this->getTalkHashHeader());
} catch (RoomNotFoundException $e) {
$response = new DataResponse([], Http::STATUS_NOT_FOUND);
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
return $response;
}
}
@@ -1230,6 +1230,7 @@ class RoomController extends AEnvironmentAwareController {
* @return DataResponse
*/
#[BruteForceProtection(action: 'talkRoomPassword')]
+ #[BruteForceProtection(action: 'talkRoomToken')]
public function joinRoom(string $token, string $password = '', bool $force = true): DataResponse {
$sessionId = $this->session->getSessionForRoom($token);
try {
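Review bot: Stacking a second `#[BruteForceProtection(action: 'talkRoomToken')]` on `joinRoom` only behaves as intended if the server's brute-force middleware iterates over all attributes and uses the `action` throttle metadata to pick one; on a server that honours a single attribute, the `UnauthorizedException` path in the next hunk would presumably be counted under `talkRoomPassword` or not at all. That requirement is not recorded anywhere; please add a line to the docblock above, e.g. `* Two actions are protected; the action key of the throttle metadata selects which one a throttled response counts against.`, and make sure the app's declared minimum server version covers multi-attribute support. `joinRoom`'s body continues outside the hunk.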
@@ -1285,11 +1286,11 @@ class RoomController extends AEnvironmentAwareController {
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token]);
} catch (InvalidPasswordException $e) {
$response = new DataResponse([], Http::STATUS_FORBIDDEN);
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
return $response;
} catch (UnauthorizedException $e) {
$response = new DataResponse([], Http::STATUS_NOT_FOUND);
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
return $response;
}
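Review bot: The metadata registered on the two throttled responses now carries the `action` key (`['token' => $token, 'action' => 'talkRoomPassword']` in the `InvalidPasswordException` branch, `'talkRoomToken'` in the `UnauthorizedException` branch), while the `resetDelay()` call at the top of the hunk still passes only `['token' => $token]`. If the throttler matches metadata verbatim when clearing attempts, the stored and the reset metadata no longer agree and a successful join would stop clearing the accumulated `talkRoomToken` delay for that token. Worth verifying against the server's throttler; if it does compare verbatim, the reset should pass the same shape, e.g. `$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token, 'action' => 'talkRoomToken']);`. `joinRoom` starts and ends outside this hunk.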
@@ -1315,12 +1316,12 @@ class RoomController extends AEnvironmentAwareController {
try {
if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
- $response->throttle();
+ $response->throttle(['action' => 'talkSipBridgeSecret']);
return $response;
}
} catch (UnauthorizedException $e) {
$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
- $response->throttle();
+ $response->throttle(['action' => 'talkSipBridgeSecret']);
return $response;
}
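Review bot: The throttled 401 response is now built identically four times across this hunk and the following one, each spelling out the `talkSipBridgeSecret` action string again; now that the action name is significant for which counter is incremented, a divergence between the copies would be easy to miss. Extracting the three lines into a private helper keeps the action name in one place and lets each try/catch arm collapse to `return $this->sipBridgeUnauthorizedResponse();`. Both enclosing methods start and end outside the hunks, so the helper's placement among the other private methods is left to the author; the unused `$e` could also be dropped from the catch clauses since the file already relies on PHP 8 attributes.
```php
// new private helper, placed alongside the other private methods of RoomController
/**
 * Build the throttled response returned when a SIP bridge request cannot be authenticated.
 */
private function sipBridgeUnauthorizedResponse(): DataResponse {
    $response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
    $response->throttle(['action' => 'talkSipBridgeSecret']);
    return $response;
}

// … unchanged: method signature and preceding lines of each caller …
try {
    if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
        return $this->sipBridgeUnauthorizedResponse();
    }
} catch (UnauthorizedException) {
    return $this->sipBridgeUnauthorizedResponse();
}
// … unchanged: rest of the method …
```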
@@ -1344,12 +1345,12 @@ class RoomController extends AEnvironmentAwareController {
try {
if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
- $response->throttle();
+ $response->throttle(['action' => 'talkSipBridgeSecret']);
return $response;
}
} catch (UnauthorizedException $e) {
$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
- $response->throttle();
+ $response->throttle(['action' => 'talkSipBridgeSecret']);
return $response;
}
diff --git a/lib/Controller/SignalingController.php b/lib/Controller/SignalingController.php
index 1652672fa..bff25ff8e 100644
--- a/lib/Controller/SignalingController.php
+++ b/lib/Controller/SignalingController.php
@@ -541,7 +541,7 @@ class SignalingController extends OCSController {
'message' => 'The request could not be authenticated.',
],
]);
- $response->throttle();
+ $response->throttle(['action' => 'talkSignalingSecret']);
return $response;
}