Add bruteforce checker to Person.php

Also check for attempts on this endpoint

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Lukas Reschke 2016-11-14 15:26:23 +01:00
parent 3acfc4e9cd
commit 6afad44091
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
1 changed files with 3 additions and 0 deletions


@ -31,10 +31,13 @@ class Person {
$login = isset($_POST['login']) ? $_POST['login'] : false; $login = isset($_POST['login']) ? $_POST['login'] : false;
$password = isset($_POST['password']) ? $_POST['password'] : false; $password = isset($_POST['password']) ? $_POST['password'] : false;
if($login && $password) { if($login && $password) {
$remoteIp = \OC::$server->getRequest()->getRemoteAddress();
\OC::$server->getBruteForceThrottler()->sleepDelay($remoteIp);
if(\OC_User::checkPassword($login, $password)) { if(\OC_User::checkPassword($login, $password)) {
$xml['person']['personid'] = $login; $xml['person']['personid'] = $login;
return new Result($xml); return new Result($xml);
} else { } else {
\OC::$server->getBruteForceThrottler()->registerAttempt('login', $remoteIp);
return new Result(null, 102); return new Result(null, 102);
} }
} else { } else {
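Review bot: The failed attempt in the inner `else` branch is recorded with only the action name and `$remoteIp`, so the throttling added here is keyed purely on source address and nothing in the hunk ties it to the account being guessed; guesses against one login spread over many addresses would not be slowed by this code. The address comes from `getRemoteAddress()`, so the delay is presumably only as accurate as the reverse-proxy configuration behind that call, which is not visible here. A short comment above the new lines would help, for example `// Throttle per remote address; failures are counted under the 'login' action`. As a style point, fetch the throttler once with `$throttler = \OC::$server->getBruteForceThrottler();` and reuse it for both `sleepDelay()` and `registerAttempt()`. The enclosing method starts and ends outside the hunk.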