author | Joas Schilling <coding@schilljs.com> | 2023-02-06 18:47:16 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-02-06 18:47:16 +0100 |
commit | d01c24c2f6bf28241b29170e198f6f240cae8670 (patch) | |
tree | b3f9b2bf1d4434d5cb3e23dab84711a238c75677 /lib/Controller/PageController.php | |
parent | f4cb7df6ae0e728af2246885a80f3a7ad0829f41 (diff) |
Always log the token and reset again when joining successfully
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Controller/PageController.php')
-rw-r--r-- | lib/Controller/PageController.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 6585efcba..d0985fb6e 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -184,6 +184,7 @@ class PageController extends Controller {
 * @throws HintException
 */
 public function index(string $token = '', string $callUser = '', string $password = ''): Response {
+ $bruteForceToken = $token;
 $user = $this->userSession->getUser();
 if (!$user instanceof IUser) {
 return $this->guestEnterRoom($token, $password);
@@ -296,7 +297,7 @@ class PageController extends Controller {
 $response->setContentSecurityPolicy($csp);
 if ($throttle) {
 // Logged-in user tried to access a chat they can not access
- $response->throttle();
+ $response->throttle(['token' => $bruteForceToken]);
 }
 return $response;
 }
@@ -321,7 +322,7 @@ class PageController extends Controller {
 $response = new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [
 'redirect_url' => $redirectUrl,
 ]));
- $response->throttle();
+ $response->throttle(['token' => $token]);
 return $response;
 } |
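Review bot: The copy `$bruteForceToken = $token;` at the top of index() carries no comment explaining why it is needed, although the throttle call in the second hunk depends on it. Presumably `$token` is reassigned or cleared further down in the method (that code lies outside the hunk), so the copy preserves the value the client actually requested. I would add `// Keep the token exactly as requested: it is recorded as brute-force metadata even if $token is changed below` above the assignment. index() starts before and continues past this hunk, so the reassignment itself cannot be confirmed from here.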
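Review bot: The value recorded by `$response->throttle(['token' => $bruteForceToken]);` and by `$response->throttle(['token' => $token]);` in the hunk at new line 322 is the raw request parameter, and nothing visible in either hunk bounds its length or character set before it becomes attempt metadata. If conversation tokens have a fixed format, checking the value against that format first (or recording a constant marker such as `'invalid'` when it does not match) would keep arbitrary client-supplied strings out of the brute-force table and anything that renders it. The reset on successful join named in the commit title is not part of this file's hunks; as far as I know the reset only clears attempts whose metadata matches, so it is worth confirming that the success path passes the same `['token' => …]` value that was recorded here. The enclosing function of the third hunk starts outside the hunk, so whether `$token` is still the unmodified request value at that point is not visible.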