diff options
author | Joas Schilling <coding@schilljs.com> | 2023-08-10 12:01:22 +0200 |
---|---|---|
committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2023-08-10 12:19:08 +0000 |
commit | d3f3dd5c6616c1410d5abb5b031c39010774d39d (patch) | |
tree | 953ade374643102cdad0756342defbafaa3f32b5 /lib/Controller/PageController.php | |
parent | b6c1db53c7cd6ff36dcbd1f0ffb0ae50e8dbe975 (diff) |
fix(bruteforce): Fix resetting the bruteforce protection
Since the metadata field was extended to track the password and token
separately the metadata comparison on the reset did not match anymore.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Controller/PageController.php')
-rw-r--r-- | lib/Controller/PageController.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 0909e3fec..caad0ae60 100644 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -238,7 +238,7 @@ class PageController extends Controller { if ($passwordVerification['result']) { $this->talkSession->renewSessionId(); $this->talkSession->setPasswordForRoom($token, $password); - $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token]); + $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']); } else { $this->talkSession->removePasswordForRoom($token); $showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000; @@ -381,7 +381,7 @@ class PageController extends Controller { if ($passwordVerification['result']) { $this->talkSession->renewSessionId(); $this->talkSession->setPasswordForRoom($token, $password); - $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token]); + $this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomPassword', ['token' => $token, 'action' => 'talkRoomPassword']); } else { $this->talkSession->removePasswordForRoom($token); $showBruteForceWarning = $this->throttler->getDelay($this->request->getRemoteAddress(), 'talkRoomPassword') > 5000; |