diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index f116ffab2afa4..87a02e8af8e70 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -207,7 +207,7 @@ private function setPasswordResetInitialState(?string $username): void {
 $this->canResetPassword($passwordLink, $user)
 );
 }
-
+
 /**
 * Sets the initial state of whether or not a user is allowed to login with their email
 * initial state is passed in the array of 1 for email allowed and 0 for not allowed
@@ -299,7 +299,8 @@ public function tryLogin(Chain $loginChain,
 $user,
 $user,
 $redirect_url,
- self::LOGIN_MSG_CSRFCHECKFAILED
+ self::LOGIN_MSG_CSRFCHECKFAILED,
+ false,
 );
 }
@@ -349,7 +350,12 @@ public function tryLogin(Chain $loginChain,
 * @return RedirectResponse
 */
 private function createLoginFailedResponse(
- $user, $originalUser, $redirect_url, string $loginMessage) {
+ $user,
+ $originalUser,
+ $redirect_url,
+ string $loginMessage,
+ bool $throttle = true,
+ ) {
 // Read current user and append if possible we need to
 // return the unmodified user otherwise we will leak the login name
 $args = $user !== null ? ['user' => $originalUser, 'direct' => 1] : [];
@@ -359,7 +365,9 @@ private function createLoginFailedResponse(
 $response = new RedirectResponse(
 $this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)
 );
- $response->throttle(['user' => substr($user, 0, 64)]);
+ if ($throttle) {
+ $response->throttle(['user' => substr($user, 0, 64)]);
+ }
 $this->session->set('loginMessages', [
 [$loginMessage], []
 ]);
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 8fe24f156f671..50ecbe5e19c0b 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
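Review bot: The bare `false` added as the fifth argument in the CSRF-failure branch of tryLogin (hunk at -299) gives no hint that it switches off brute-force throttling for this response. The new signature already uses PHP 8 syntax (trailing comma in the parameter list), so I would pass it by name, `throttle: false,`, and add a comment above the call such as `// CSRF check failed: no credentials were evaluated, so this is not counted as a failed login attempt`. That comment only holds if this return sits before the login chain processes the password. The rest of tryLogin is outside the hunk, so please confirm the ordering, because an unthrottled path that does validate credentials would weaken the brute-force protection.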
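Review bot: The docblock above createLoginFailedResponse (hunk at -349) does not describe the new `$throttle` parameter; only its `@return RedirectResponse` tail is visible, as it starts outside the hunk. I would add `@param bool $throttle whether to register this failed attempt with the brute-force throttler; pass false only when no credentials were checked`. The default of `true` keeps callers that omit the argument throttled, which is the safe direction and worth stating in that docblock.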
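Review bot: Inside the new `if ($throttle)` block (hunk at -359), `substr($user, 0, 64)` is still called on an untyped `$user` that the same function treats as possibly null in the previous hunk (`$user !== null ? ...`). Passing null to substr() is deprecated from PHP 8.1, so I would write `$response->throttle(['user' => substr((string)$user, 0, 64)]);`, which yields the same empty string for a null user. The function body continues outside the hunk, so whether null can actually reach this line should be checked against the callers.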
@@ -520,7 +520,6 @@ public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(): void {
 $response = $this->loginController->tryLogin($loginChain, 'Jane', $password, $originalUrl);
 $expected = new RedirectResponse('');
- $expected->throttle(['user' => 'Jane']);
 $this->assertEquals($expected, $response);
 }