Merge pull request #26787 from nextcloud/backport/26718/stable19

[stable19] Fix ratelimit template
This commit is contained in:
Roeland Jago Douma 2021-04-29 10:10:54 +02:00 committed by GitHub
commit ecab69d513
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 21 deletions

View File

@ -27,7 +27,7 @@ namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Utility\ControllerMethodReflector; use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\RateLimiting\Exception\RateLimitExceededException; use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter; use OC\Security\RateLimiting\Limiter;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Middleware; use OCP\AppFramework\Middleware;
use OCP\IRequest; use OCP\IRequest;
@ -110,21 +110,16 @@ class RateLimitingMiddleware extends Middleware {
public function afterException($controller, $methodName, \Exception $exception) { public function afterException($controller, $methodName, \Exception $exception) {
if ($exception instanceof RateLimitExceededException) { if ($exception instanceof RateLimitExceededException) {
if (stripos($this->request->getHeader('Accept'),'html') === false) { if (stripos($this->request->getHeader('Accept'),'html') === false) {
$response = new JSONResponse( $response = new DataResponse([], $exception->getCode());
} else {
$response = new TemplateResponse(
'core',
'403',
[ [
'message' => $exception->getMessage(), 'message' => $exception->getMessage(),
], ],
$exception->getCode() 'guest'
); );
} else {
$response = new TemplateResponse(
'core',
'403',
[
'file' => $exception->getMessage()
],
'guest'
);
$response->setStatus($exception->getCode()); $response->setStatus($exception->getCode());
} }

View File

@ -212,6 +212,10 @@ class Throttler {
return 0; return 0;
} }
if ($ip === '') {
return 0;
}
$cutoffTime = (new \DateTime()) $cutoffTime = (new \DateTime())
->sub($this->getCutoff(43200)) ->sub($this->getCutoff(43200))
->getTimestamp(); ->getTimestamp();

View File

@ -168,7 +168,9 @@ class Base {
if (!is_null($additionalParams)) { if (!is_null($additionalParams)) {
$_ = array_merge($additionalParams, $this->vars); $_ = array_merge($additionalParams, $this->vars);
foreach ($_ as $var => $value) { foreach ($_ as $var => $value) {
${$var} = $value; if (!isset(${$var})) {
${$var} = $value;
}
} }
} }

View File

@ -26,13 +26,16 @@ use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Security\RateLimiting\Exception\RateLimitExceededException; use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter; use OC\Security\RateLimiting\Limiter;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Http\TemplateResponse;
use OCP\IRequest; use OCP\IRequest;
use OCP\IUser; use OCP\IUser;
use OCP\IUserSession; use OCP\IUserSession;
use Test\TestCase; use Test\TestCase;
/**
* @group DB
*/
class RateLimitingMiddlewareTest extends TestCase { class RateLimitingMiddlewareTest extends TestCase {
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */ /** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
private $request; private $request;
@ -229,7 +232,7 @@ class RateLimitingMiddlewareTest extends TestCase {
$this->rateLimitingMiddleware->beforeController($controller, 'testMethod'); $this->rateLimitingMiddleware->beforeController($controller, 'testMethod');
} }
public function testAfterExceptionWithOtherException() { public function testAfterExceptionWithOtherException() {
$this->expectException(\Exception::class); $this->expectException(\Exception::class);
$this->expectExceptionMessage('My test exception'); $this->expectExceptionMessage('My test exception');
@ -250,11 +253,7 @@ class RateLimitingMiddlewareTest extends TestCase {
->willReturn('JSON'); ->willReturn('JSON');
$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException()); $result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
$expected = new JSONResponse( $expected = new DataResponse([], 429
[
'message' => 'Rate limit exceeded',
],
429
); );
$this->assertEquals($expected, $result); $this->assertEquals($expected, $result);
} }
@ -273,11 +272,12 @@ class RateLimitingMiddlewareTest extends TestCase {
'core', 'core',
'403', '403',
[ [
'file' => 'Rate limit exceeded', 'message' => 'Rate limit exceeded',
], ],
'guest' 'guest'
); );
$expected->setStatus(429); $expected->setStatus(429);
$this->assertEquals($expected, $result); $this->assertEquals($expected, $result);
$this->assertIsString($result->render());
} }
} }