fix(controllers): Migrate to proper "multiple bruteforce protections" support

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2023-04-24 13:10:55 +0200
committer: Joas Schilling <coding@schilljs.com> 2023-04-24 13:10:55 +0200
commit: 2bef32969f4f00cec4bfed1592b15e4372248458 (patch)
tree: ea489a253903df4b13befa38e6d9ecdc71c88f8d /lib/Controller/RoomController.php
parent: e5693a79038d26426a66416b73340c1646737ce7 (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index 23e7953ff..8d4f9d2a4 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -318,15 +318,14 @@ class RoomController extends AEnvironmentAwareController {
 	 * @return DataResponse
 	 */
 	#[BruteForceProtection(action: 'talkRoomToken')]
+	#[BruteForceProtection(action: 'talkSipBridgeSecret')]
 	public function getSingleRoom(string $token): DataResponse {
 		try {
 			$isSIPBridgeRequest = $this->validateSIPBridgeRequest($token);
 		} catch (UnauthorizedException $e) {
-			$ip = $this->request->getRemoteAddress();
-			$action = 'talkSipBridgeSecret';
-			$this->throttler->sleepDelay($ip, $action);
-			$this->throttler->registerAttempt($action, $ip);
-			return new DataResponse([], Http::STATUS_UNAUTHORIZED);
+			$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
+			$response->throttle(['action' => 'talkSipBridgeSecret']);
+			return $response;
 		}
 
 		// The SIP bridge only needs room details (public, sip enabled, lobby state, etc)
author	Joas Schilling <coding@schilljs.com>	2023-04-24 13:10:55 +0200
committer	Joas Schilling <coding@schilljs.com>	2023-04-24 13:10:55 +0200
commit	2bef32969f4f00cec4bfed1592b15e4372248458 (patch)
tree	ea489a253903df4b13befa38e6d9ecdc71c88f8d /lib/Controller/RoomController.php
parent	e5693a79038d26426a66416b73340c1646737ce7 (diff)