diff options
author | Julius Härtl <jus@bitgrid.net> | 2021-07-13 23:01:54 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-13 23:01:54 +0300 |
commit | 4c994ddff3b006fdeff11f269d2faf8f59d921c3 (patch) | |
tree | 831f48b259a2ebf590a9cf7b25b1e319b5376ee1 /lib | |
parent | b4a336e3c9be46b195f868b3c5059f31fb5ec0bf (diff) | |
parent | 402a5d607a486dda9f9d31b77ad4e02d38226f5b (diff) |
Merge pull request #1663 from nextcloud/add-some-throttling
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/OCSController.php | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/lib/Controller/OCSController.php b/lib/Controller/OCSController.php index 3294ea67..20927f4f 100644 --- a/lib/Controller/OCSController.php +++ b/lib/Controller/OCSController.php @@ -39,6 +39,7 @@ use OCP\Files\Node; use OCP\Files\NotFoundException; use OCP\IRequest; use OCP\IURLGenerator; +use OCP\Share\Exceptions\ShareNotFound; use OCP\Share\IManager; class OCSController extends \OCP\AppFramework\OCSController { @@ -184,6 +185,7 @@ class OCSController extends \OCP\AppFramework\OCSController { /** * @PublicPage * @NoCSRFRequired + * @BruteForceProtection(action=richdocumentsCreatePublicFromInitiator) * @throws OCSForbiddenException */ public function createPublicFromInitiator( @@ -193,9 +195,18 @@ class OCSController extends \OCP\AppFramework\OCSController { string $path = '', string $password = null ): DataResponse { - $share = $this->shareManager->getShareByToken($shareToken); + try { + $share = $this->shareManager->getShareByToken($shareToken); + } catch (ShareNotFound $ex) { + $response = new DataResponse([], HTTP::STATUS_NOT_FOUND); + $response->throttle(); + return $response; + } + if ($share->getPassword() && !$this->shareManager->checkPassword($share, $password)) { - throw new OCSForbiddenException(); + $response = new DataResponse([], HTTP::STATUS_FORBIDDEN); + $response->throttle(); + return $response; } $node = $share->getNode(); |