Skip to content

Commit 8a8feea

Browse files
kesselbbackportbot[bot]
authored andcommitted
fix(bruteforce): Don't throttle requests with failing CSRF
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
1 parent a777c3f commit 8a8feea

2 files changed

Lines changed: 1 addition & 1 deletion

File tree

core/Controller/LoginController.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -319,6 +319,7 @@ public function tryLogin(
319319
// case when a user has already logged-in, in another tab.
320320
return $this->generateRedirect($redirect_url);
321321
}
322+
$throttle = false;
322323
$error = self::LOGIN_MSG_CSRFCHECKFAILED;
323324
}
324325

tests/Core/Controller/LoginControllerTest.php

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -597,7 +597,6 @@ public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(bool $rememberme):
597597
$response = $this->loginController->tryLogin($loginChain, $trustedDomainHelper, 'Jane', $password, $rememberme, $originalUrl);
598598

599599
$expected = new RedirectResponse('');
600-
$expected->throttle(['user' => 'Jane']);
601600
$this->assertEquals($expected, $response);
602601
}
603602

0 commit comments

Comments
 (0)