Add bruteforce checker to Person.php
Also check for attempts on this endpoint Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
3acfc4e9cd
commit
6afad44091
|
@ -31,10 +31,13 @@ class Person {
|
||||||
$login = isset($_POST['login']) ? $_POST['login'] : false;
|
$login = isset($_POST['login']) ? $_POST['login'] : false;
|
||||||
$password = isset($_POST['password']) ? $_POST['password'] : false;
|
$password = isset($_POST['password']) ? $_POST['password'] : false;
|
||||||
if($login && $password) {
|
if($login && $password) {
|
||||||
|
$remoteIp = \OC::$server->getRequest()->getRemoteAddress();
|
||||||
|
\OC::$server->getBruteForceThrottler()->sleepDelay($remoteIp);
|
||||||
if(\OC_User::checkPassword($login, $password)) {
|
if(\OC_User::checkPassword($login, $password)) {
|
||||||
$xml['person']['personid'] = $login;
|
$xml['person']['personid'] = $login;
|
||||||
return new Result($xml);
|
return new Result($xml);
|
||||||
} else {
|
} else {
|
||||||
|
\OC::$server->getBruteForceThrottler()->registerAttempt('login', $remoteIp);
|
||||||
return new Result(null, 102);
|
return new Result(null, 102);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in New Issue