author | Lukas Reschke <lukas@statuscode.ch> | 2021-07-13 18:17:44 +0300 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2021-07-13 18:17:44 +0300 |
commit | 9455e019d926cef6fbc93a49d5bd82167a2e81dd (patch) | |
tree | 983962768971e9dbeb2ce698357971eccbb6e3ee /lib | |
parent | b4a336e3c9be46b195f868b3c5059f31fb5ec0bf (diff) |
Throttle on invalid share tokens
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/OCSController.php | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/lib/Controller/OCSController.php b/lib/Controller/OCSController.php
index 3294ea67..20927f4f 100644
--- a/lib/Controller/OCSController.php
+++ b/lib/Controller/OCSController.php
@@ -39,6 +39,7 @@ use OCP\Files\Node;
 use OCP\Files\NotFoundException;
 use OCP\IRequest;
 use OCP\IURLGenerator;
+use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager;
 class OCSController extends \OCP\AppFramework\OCSController {
@@ -184,6 +185,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
 /**
 * @PublicPage
 * @NoCSRFRequired
+ * @BruteForceProtection(action=richdocumentsCreatePublicFromInitiator)
 * @throws OCSForbiddenException
 */
 public function createPublicFromInitiator(
@@ -193,9 +195,18 @@ class OCSController extends \OCP\AppFramework\OCSController {
 string $path = '',
 string $password = null
 ): DataResponse {
- $share = $this->shareManager->getShareByToken($shareToken);
+ try {
+ $share = $this->shareManager->getShareByToken($shareToken);
+ } catch (ShareNotFound $ex) {
+ $response = new DataResponse([], HTTP::STATUS_NOT_FOUND);
+ $response->throttle();
+ return $response;
+ }
+
 if ($share->getPassword() && !$this->shareManager->checkPassword($share, $password)) {
- throw new OCSForbiddenException();
+ $response = new DataResponse([], HTTP::STATUS_FORBIDDEN);
+ $response->throttle();
+ return $response;
 }
 $node = $share->getNode(); |
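Review bot: The docblock of `createPublicFromInitiator` keeps `@throws OCSForbiddenException` next to the new `@BruteForceProtection` annotation, but the only throw of that exception visible in this commit is removed in the following hunk, where a wrong password now yields a throttled 403 `DataResponse`. The method body continues outside the hunks, so the tag may still be accurate for a later statement; if it is not, drop it. Either way the docblock would benefit from one line describing the new behaviour, e.g. `* Unknown tokens and wrong passwords return a throttled 404/403 response.`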
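Review bot: The two failure branches answer differently, 404 in the `catch (ShareNotFound $ex)` branch and 403 after `checkPassword` fails, so on this endpoint (annotated `@PublicPage` in the previous hunk) a caller can still tell an existing password-protected token from a non-existent one; throttling limits the rate of guesses but not that signal. If clients do not depend on the 403, returning the same status in both branches, e.g. `$response = new DataResponse([], HTTP::STATUS_NOT_FOUND);`, closes it; otherwise a comment saying the split is intentional would help the next reader. Separately, the constants are referenced as `HTTP::` and the import for that class is not visible in these hunks; confirm `use OCP\AppFramework\Http;` is present and prefer the declared casing, `Http::STATUS_FORBIDDEN`. The method body continues past the end of the hunk.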