Merge pull request #26787 from nextcloud/backport/26718/stable19

[stable19] Fix ratelimit template
2021-04-29 10:10:54 +02:00 · 2021-04-29 10:10:54 +02:00 · ecab69d513
parent 4369d1cf1d 43d6921772
commit ecab69d513
4 changed files with 22 additions and 21 deletions
--- a/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
@ -27,7 +27,7 @@ namespace OC\AppFramework\Middleware\Security;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\RateLimiting\Exception\RateLimitExceededException;
 use OC\Security\RateLimiting\Limiter;
-use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Middleware;
 use OCP\IRequest;
@ -110,21 +110,16 @@ class RateLimitingMiddleware extends Middleware {
 	public function afterException($controller, $methodName, \Exception $exception) {
 		if ($exception instanceof RateLimitExceededException) {
 			if (stripos($this->request->getHeader('Accept'),'html') === false) {
-				$response = new JSONResponse(
+				$response = new DataResponse([], $exception->getCode());
+			} else {
+				$response = new TemplateResponse(
+					'core',
+					'403',
 					[
 						'message' => $exception->getMessage(),
 					],
-					$exception->getCode()
+					'guest'
 				);
-			} else {
-				$response = new TemplateResponse(
-						'core',
-						'403',
-							[
-								'file' => $exception->getMessage()
-							],
-						'guest'
-					);
 				$response->setStatus($exception->getCode());
 			}

--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@ -212,6 +212,10 @@ class Throttler {
 			return 0;
 		}

+		if ($ip === '') {
+			return 0;
+		}
+
 		$cutoffTime = (new \DateTime())
 			->sub($this->getCutoff(43200))
 			->getTimestamp();
--- a/lib/private/Template/Base.php
+++ b/lib/private/Template/Base.php
@ -168,7 +168,9 @@ class Base {
 		if (!is_null($additionalParams)) {
 			$_ = array_merge($additionalParams, $this->vars);
 			foreach ($_ as $var => $value) {
-				${$var} = $value;
+				if (!isset(${$var})) {
+					${$var} = $value;
+				}
 			}
 		}

--- a/tests/lib/AppFramework/Middleware/Security/RateLimitingMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/RateLimitingMiddlewareTest.php
@ -26,13 +26,16 @@ use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\RateLimiting\Exception\RateLimitExceededException;
 use OC\Security\RateLimiting\Limiter;
 use OCP\AppFramework\Controller;
-use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IRequest;
 use OCP\IUser;
 use OCP\IUserSession;
 use Test\TestCase;

+/**
+ * @group DB
+ */
 class RateLimitingMiddlewareTest extends TestCase {
 	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
 	private $request;
@ -229,7 +232,7 @@ class RateLimitingMiddlewareTest extends TestCase {
 		$this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
 	}

-	
+
 	public function testAfterExceptionWithOtherException() {
 		$this->expectException(\Exception::class);
 		$this->expectExceptionMessage('My test exception');
@ -250,11 +253,7 @@ class RateLimitingMiddlewareTest extends TestCase {
 			->willReturn('JSON');

 		$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
-		$expected = new JSONResponse(
-			[
-				'message' => 'Rate limit exceeded',
-			],
-			429
+		$expected = new DataResponse([], 429
 		);
 		$this->assertEquals($expected, $result);
 	}
@ -273,11 +272,12 @@ class RateLimitingMiddlewareTest extends TestCase {
 			'core',
 			'403',
 			[
-				'file' => 'Rate limit exceeded',
+				'message' => 'Rate limit exceeded',
 			],
 			'guest'
 		);
 		$expected->setStatus(429);
 		$this->assertEquals($expected, $result);
+		$this->assertIsString($result->render());
 	}
 }