diff options
author | Joas Schilling <coding@schilljs.com> | 2022-06-13 11:30:21 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2022-06-30 16:26:42 +0200 |
commit | 99846f58ce49d8580440b69132339de99f6651c5 (patch) | |
tree | 8ff6b28d04f757f77dac73438985b8e8fdca2eaa /lib/Controller/PageController.php | |
parent | 57b28f64d6b02a7879da51e7c264a87472e94ed8 (diff) |
Add brute-force protection to conversation passwords
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Controller/PageController.php')
-rw-r--r-- | lib/Controller/PageController.php | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 0cada87b2..e8d4beeb6 100644 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -129,6 +129,7 @@ class PageController extends Controller { * @PublicPage * @NoCSRFRequired * @UseSession + * @BruteForceProtection(action=talkRoomPassword) * * @param string $token * @param string $password @@ -177,6 +178,7 @@ class PageController extends Controller { return $this->guestEnterRoom($token, $password); } + $throttle = false; if ($token !== '') { $room = null; try { @@ -205,6 +207,7 @@ class PageController extends Controller { } catch (RoomNotFoundException $e) { // Room not found, redirect to main page $token = ''; + $throttle = true; } if ($room instanceof Room && $room->hasPassword()) { @@ -227,12 +230,15 @@ class PageController extends Controller { } else { $this->talkSession->removePasswordForRoom($token); if ($passwordVerification['url'] === '') { - return new TemplateResponse($this->appName, 'authenticate', [ + $response = new TemplateResponse($this->appName, 'authenticate', [ 'wrongpw' => $password !== '', ], 'guest'); + } else { + $response = new RedirectResponse($passwordVerification['url']); } - return new RedirectResponse($passwordVerification['url']); + $response->throttle(); + return $response; } } } @@ -268,6 +274,10 @@ class PageController extends Controller { $csp->addAllowedConnectDomain("'self'"); $csp->addAllowedImageDomain('https://*.tile.openstreetmap.org'); $response->setContentSecurityPolicy($csp); + if ($throttle) { + // Logged-in user tried to access a chat they can not access + $response->throttle(); + } return $response; } @@ -288,9 +298,11 @@ class PageController extends Controller { if ($token) { $redirectUrl = $this->url->linkToRoute('spreed.Page.showCall', ['token' => $token]); } - return new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [ + $response = new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [ 'redirect_url' => $redirectUrl, ])); + $response->throttle(); + return $response; } if ($room->hasPassword()) { @@ -303,12 +315,14 @@ class PageController extends Controller { } else { $this->talkSession->removePasswordForRoom($token); if ($passwordVerification['url'] === '') { - return new TemplateResponse($this->appName, 'authenticate', [ + $response = new TemplateResponse($this->appName, 'authenticate', [ 'wrongpw' => $password !== '', ], 'guest'); + } else { + $response = new RedirectResponse($passwordVerification['url']); } - - return new RedirectResponse($passwordVerification['url']); + $response->throttle(); + return $response; } } |