Merge pull request #12054 from nextcloud/revert-12029-bugfix/noid/don…

…t-bruteforce-throttle-undefined Revert "fix(frontpage): Don't bruteforce protect "undefined""
nextcloud · Apr 11, 2024 · aea57ef · aea57ef
2 parents 9ebb97f + 03ace02
commit aea57ef
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 17 deletions.
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -205,11 +205,8 @@ protected function pageHandler(string $token = '', string $callUser = '', string
 				}
 			} catch (RoomNotFoundException $e) {
 				// Room not found, redirect to main page
-				$throttle = $token !== 'undefined';
-				if ($token === 'undefined') {
-					$this->logger->debug('User "' . ($this->userId ?? 'ANONYMOUS') . '" tried to access "undefined"', ['app' => 'spreed-bfp']);
-				}
 				$token = '';
+				$throttle = true;
 			}
 
 			if ($room instanceof Room && $room->hasPassword()) {
@@ -364,13 +361,7 @@ protected function guestEnterRoom(string $token, string $password): Response {
 			$response = new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [
 				'redirect_url' => $redirectUrl,
 			]));
-			if ($token !== 'undefined') {
-				// Logged-in user tried to access a chat they can not access
-				$this->logger->debug('User "' . ($this->userId ?? 'ANONYMOUS') . '" throttled for accessing "' . $token . '"', ['app' => 'spreed-bfp']);
-				$response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
-			} else {
-				$this->logger->debug('User "' . ($this->userId ?? 'ANONYMOUS') . '" tried to access "undefined"', ['app' => 'spreed-bfp']);
-			}
+			$response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
 			return $response;
 		}
 

diff --git a/tests/integration/features/conversation-1/bruteforce-protection.feature b/tests/integration/features/conversation-1/bruteforce-protection.feature
@@ -72,12 +72,6 @@ Feature: conversation/bruteforce-protection
     When user "participant2" views call-URL of room "invalid" with 200
     When user "participant2" views call-URL of room "invalid" with 200
     When user "participant2" views call-URL of room "invalid" with 200
-    When user "participant2" views call-URL of room "undefined" with 200
-    When user "participant2" views call-URL of room "undefined" with 200
-    When user "participant2" views call-URL of room "undefined" with 200
-    When user "participant2" views call-URL of room "undefined" with 200
-    When user "participant2" views call-URL of room "undefined" with 200
-    When user "participant2" views call-URL of room "undefined" with 200
     When user "participant2" views call-URL of room "invalid" with 200
     When user "participant2" views call-URL of room "invalid" with 200
     When user "participant2" views call-URL of room "invalid" with 200