authorJoas Schilling <coding@schilljs.com>2022-06-10 15:40:52 +0300
committerJoas Schilling <coding@schilljs.com>2022-06-10 15:46:20 +0300
commitdfe0958c461dcec1216f71c5b4f795c276f5bc5e (patch)
tree7ae4b57cf3133692f377cd30042fa072bf9c48b3
parent2048ef7528e71dd6dbb5473dd29ea461b72cb7d1 (diff)
Add brute force protection for public room passwords (bugfix/noid/brute-force-protect-public-room-passwords)
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--lib/Controller/PageController.php25
1 files changed, 20 insertions, 5 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 0cada87b2..03ed94660 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -129,6 +129,7 @@ class PageController extends Controller {
* @PublicPage
* @NoCSRFRequired
* @UseSession
+ * @BruteForceProtection(action=talkRoomPassword)
*
* @param string $token
* @param string $password
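Review bot: The action name `talkRoomPassword` reads as if only password attempts are charged, but in the hunks at @@ -205/@@ -268 the same response is throttled for a room token that does not resolve, and at @@ -288 for an anonymous redirect to the login form; the docblock should say so, for example `* Throttled (action talkRoomPassword) on a wrong password, an unknown room token and the anonymous login redirect.`. The annotated method's signature and body lie outside this hunk.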
@@ -177,6 +178,7 @@ class PageController extends Controller {
return $this->guestEnterRoom($token, $password);
}
+ $throttle = false;
if ($token !== '') {
$room = null;
try {
@@ -205,6 +207,7 @@ class PageController extends Controller {
} catch (RoomNotFoundException $e) {
// Room not found, redirect to main page
$token = '';
+ $throttle = true;
}
if ($room instanceof Room && $room->hasPassword()) {
@@ -227,12 +230,15 @@ class PageController extends Controller {
} else {
$this->talkSession->removePasswordForRoom($token);
if ($passwordVerification['url'] === '') {
- return new TemplateResponse($this->appName, 'authenticate', [
+ $response = new TemplateResponse($this->appName, 'authenticate', [
'wrongpw' => $password !== '',
], 'guest');
+ } else {
+ $response = new RedirectResponse($passwordVerification['url']);
}
- return new RedirectResponse($passwordVerification['url']);
+ $response->throttle();
+ return $response;
}
}
}
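Review bot: `$response->throttle();` is reached even when `$password === ''`, which `'wrongpw' => $password !== ''` on the line above treats as the first display of the password form rather than a failed attempt; every guest who merely opens a password-protected room link is then charged against the brute force counter, and on a shared IP this can delay or lock out visitors who never typed a password. Unless the blank GET is meant to count, guard it with `if ($password !== '') { $response->throttle(); }`. The hunk at @@ -303 has the same pattern. The enclosing method starts and ends outside this hunk.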
@@ -268,6 +274,10 @@ class PageController extends Controller {
$csp->addAllowedConnectDomain("'self'");
$csp->addAllowedImageDomain('https://*.tile.openstreetmap.org');
$response->setContentSecurityPolicy($csp);
+ if ($throttle) {
+ // Login in user tried to access a chat they can not access
+ $response->throttle();
+ }
return $response;
}
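Review bot: The comment `// Login in user tried to access a chat they can not access` is mistyped and does not say what actually sets `$throttle`, which from the hunk at @@ -205 is only the `RoomNotFoundException` catch; I would write `// Logged-in user requested a room token that does not exist: count it as a brute force attempt so tokens cannot be enumerated`. The catch at @@ -205 could carry the same hint, e.g. `// Room not found: redirect to main page and throttle the response below`. The enclosing method ends outside this hunk.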
@@ -288,9 +298,11 @@ class PageController extends Controller {
if ($token) {
$redirectUrl = $this->url->linkToRoute('spreed.Page.showCall', ['token' => $token]);
}
- return new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [
+ $response = new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [
'redirect_url' => $redirectUrl,
]));
+ $response->throttle();
+ return $response;
}
if ($room->hasPassword()) {
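Review bot: Throttling the redirect to `core.login.showLoginForm` charges every anonymous visit to a non-public room link, including a user whose session simply expired, and nothing in the hunk says why that is intended; a why-comment such as `// Throttle: an anonymous visitor must not be able to probe which room tokens exist via the login redirect` would keep the next maintainer from "fixing" it away. If the throttler escalates to a hard block after repeated hits (I cannot tell from here), legitimate logged-out users behind a shared IP may be affected, so that trade-off belongs in the comment too. The enclosing method continues outside this hunk.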
@@ -303,12 +315,15 @@ class PageController extends Controller {
} else {
$this->talkSession->removePasswordForRoom($token);
if ($passwordVerification['url'] === '') {
- return new TemplateResponse($this->appName, 'authenticate', [
+ $response = new TemplateResponse($this->appName, 'authenticate', [
'wrongpw' => $password !== '',
], 'guest');
+ } else {
+ $response = new RedirectResponse($passwordVerification['url']);
}
- return new RedirectResponse($passwordVerification['url']);
+ $response->throttle();
+ return $response;
}
}