Merge pull request #26788 from nextcloud/backport/26718/stable20

[stable20] Fix ratelimit template
2021-04-28 09:54:14 +02:00 · 2021-04-28 09:54:14 +02:00 · f8f32d79d7
parent c5ac15925b 498ac1c6f5
commit f8f32d79d7
3 changed files with 19 additions and 26 deletions
--- a/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
@ -27,7 +27,7 @@ namespace OC\AppFramework\Middleware\Security;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\RateLimiting\Exception\RateLimitExceededException;
 use OC\Security\RateLimiting\Limiter;
-use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Middleware;
 use OCP\IRequest;
@ -110,21 +110,14 @@ class RateLimitingMiddleware extends Middleware {
 	public function afterException($controller, $methodName, \Exception $exception) {
 		if ($exception instanceof RateLimitExceededException) {
 			if (stripos($this->request->getHeader('Accept'),'html') === false) {
-				$response = new JSONResponse(
+				$response = new DataResponse([], $exception->getCode());
 					[
 						'message' => $exception->getMessage(),
 					],
 					$exception->getCode()
 				);
 			} else {
 				$response = new TemplateResponse(
-						'core',
+					'core',
-						'403',
+					'429',
-							[
+					[],
-								'file' => $exception->getMessage()
+					TemplateResponse::RENDER_AS_GUEST
-							],
+				);
 						'guest'
 					);
 				$response->setStatus($exception->getCode());
 			}
--- a/lib/private/Template/Base.php
+++ b/lib/private/Template/Base.php
@ -168,7 +168,9 @@ class Base {
 		if (!is_null($additionalParams)) {
 			$_ = array_merge($additionalParams, $this->vars);
 			foreach ($_ as $var => $value) {
-				${$var} = $value;
+				if (!isset(${$var})) {
 					${$var} = $value;
 				}
 			}
 		}
--- a/tests/lib/AppFramework/Middleware/Security/RateLimitingMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/RateLimitingMiddlewareTest.php
@ -26,13 +26,16 @@ use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\RateLimiting\Exception\RateLimitExceededException;
 use OC\Security\RateLimiting\Limiter;
 use OCP\AppFramework\Controller;
-use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IRequest;
 use OCP\IUser;
 use OCP\IUserSession;
 use Test\TestCase;
 /**
 * @group DB
 */
 class RateLimitingMiddlewareTest extends TestCase {
 	/** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
 	private $request;
@ -250,11 +253,7 @@ class RateLimitingMiddlewareTest extends TestCase {
 			->willReturn('JSON');
 		$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
-		$expected = new JSONResponse(
+		$expected = new DataResponse([], 429
 			[
 				'message' => 'Rate limit exceeded',
 			],
 			429
 		);
 		$this->assertEquals($expected, $result);
 	}
@ -271,13 +270,12 @@ class RateLimitingMiddlewareTest extends TestCase {
 		$result = $this->rateLimitingMiddleware->afterException($controller, 'testMethod', new RateLimitExceededException());
 		$expected = new TemplateResponse(
 			'core',
-			'403',
+			'429',
-			[
+			[],
-				'file' => 'Rate limit exceeded',
+			TemplateResponse::RENDER_AS_GUEST
 			],
 			'guest'
 		);
 		$expected->setStatus(429);
 		$this->assertEquals($expected, $result);
 		$this->assertIsString($result->render());
 	}
 }