Merge pull request #26787 from nextcloud/backport/26718/stable19

[stable19] Fix ratelimit template
This commit is contained in:
Roeland Jago Douma 2021-04-29 10:10:54 +02:00 committed by GitHub
commit ecab69d513
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 21 deletions

View File

@ -27,7 +27,7 @@ namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Middleware;
use OCP\IRequest;
@ -110,21 +110,16 @@ class RateLimitingMiddleware extends Middleware {
public function afterException($controller, $methodName, \Exception $exception) {
if ($exception instanceof RateLimitExceededException) {
if (stripos($this->request->getHeader('Accept'),'html') === false) {
$response = new JSONResponse(
$response = new DataResponse([], $exception->getCode());
} else {
$response = new TemplateResponse(
'core',
'403',
[
'message' => $exception->getMessage(),
],
$exception->getCode()
'guest'
);
} else {
$response = new TemplateResponse(
'core',
'403',
[
'file' => $exception->getMessage()
],
'guest'
);
$response->setStatus($exception->getCode());
}

View File

@ -212,6 +212,10 @@ class Throttler {
return 0;
}
if ($ip === '') {
return 0;
}
$cutoffTime = (new \DateTime())
->sub($this->getCutoff(43200))
->getTimestamp();

View File

@ -168,7 +168,9 @@ class Base {
if (!is_null($additionalParams)) {
$_ = array_merge($additionalParams, $this->vars);
foreach ($_ as $var => $value) {
${$var} = $value;
if (!isset(${$var})) {
${$var} = $value;
}
}
}

View File

@ -26,13 +26,16 @@ use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IRequest;
use OCP\IUser;
use OCP\IUserSession;
use Test\TestCase;
/**
* @group DB
*/
class RateLimitingMiddlewareTest extends TestCase {
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
private $request;
@ -229,7 +232,7 @@ class RateLimitingMiddlewareTest extends TestCase {
$this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
}
public function testAfterExceptionWithOtherException() {
$this->expectException(\Exception::class);
$this->expectExceptionMessage('My test exception');
@ -250,11 +253,7 @@ class RateLimitingMiddlewareTest extends TestCase {
->willReturn('JSON');
$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
$expected = new JSONResponse(
[
'message' => 'Rate limit exceeded',
],
429
$expected = new DataResponse([], 429
);
$this->assertEquals($expected, $result);
}
@ -273,11 +272,12 @@ class RateLimitingMiddlewareTest extends TestCase {
'core',
'403',
[
'file' => 'Rate limit exceeded',
'message' => 'Rate limit exceeded',
],
'guest'
);
$expected->setStatus(429);
$this->assertEquals($expected, $result);
$this->assertIsString($result->render());
}
}