Skip to content

Commit 789b29e

Browse files
Merge pull request #61885 from nextcloud/backport/61686/stable33
[stable33] fix(bruteforce): Don't throttle requests with failing CSRF
2 parents f2bec71 + 09017bb commit 789b29e

2 files changed

Lines changed: 1 addition & 1 deletion

File tree

core/Controller/LoginController.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -319,6 +319,7 @@ public function tryLogin(
319319
// case when a user has already logged-in, in another tab.
320320
return $this->generateRedirect($redirect_url);
321321
}
322+
$throttle = false;
322323
$error = self::LOGIN_MSG_CSRFCHECKFAILED;
323324
}
324325

tests/Core/Controller/LoginControllerTest.php

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -596,7 +596,6 @@ public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(bool $rememberme):
596596
$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, 'Jane', $password, $rememberme, $originalUrl);
597597

598598
$expected = new RedirectResponse('');
599-
$expected->throttle(['user' => 'Jane']);
600599
$this->assertEquals($expected, $response);
601600
}
602601

0 commit comments

Comments
 (0)