diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index f22fee4f5e79c..1fc475840cc4a 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -233,7 +233,7 @@ private function setPasswordResetInitialState(?string $username): void {
 $this->canResetPassword($passwordLink, $user)
 );
 }
-
+
 /**
 * Sets the initial state of whether or not a user is allowed to login with their email
 * initial state is passed in the array of 1 for email allowed and 0 for not allowed
@@ -325,7 +325,8 @@ public function tryLogin(Chain $loginChain,
 $user,
 $user,
 $redirect_url,
- self::LOGIN_MSG_CSRFCHECKFAILED
+ self::LOGIN_MSG_CSRFCHECKFAILED,
+ false,
 );
 }
@@ -375,7 +376,12 @@ public function tryLogin(Chain $loginChain,
 * @return RedirectResponse
 */
 private function createLoginFailedResponse(
- $user, $originalUser, $redirect_url, string $loginMessage) {
+ $user,
+ $originalUser,
+ $redirect_url,
+ string $loginMessage,
+ bool $throttle = true,
+ ) {
 // Read current user and append if possible we need to
 // return the unmodified user otherwise we will leak the login name
 $args = $user !== null ? ['user' => $originalUser, 'direct' => 1] : [];
@@ -385,7 +391,9 @@ private function createLoginFailedResponse(
 $response = new RedirectResponse(
 $this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)
 );
- $response->throttle(['user' => substr($user, 0, 64)]);
+ if ($throttle) {
+ $response->throttle(['user' => substr($user, 0, 64)]);
+ }
 $this->session->set('loginMessages', [
 [$loginMessage], []
 ]);
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index 6956182993029..cf9113bf3eb2d 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
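Review bot: The bare positional `false,` added to the `createLoginFailedResponse(...)` call on the CSRF-failure path of `tryLogin` does not say what it switches off, and nothing at the call site records why this one failure is exempt from brute-force throttling. The new signature already uses a trailing comma in the parameter list, so PHP 8 named arguments are available: `throttle: false, // CSRF failure, not a credential failure`. The rest of `tryLogin` lies outside the hunk, so it is worth confirming that no password verification can run before this branch returns; otherwise this path would sidestep the brute-force protection.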
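Review bot: The docblock above `createLoginFailedResponse` is not updated for the new `bool $throttle = true` parameter; it starts outside the hunk and only its `@return RedirectResponse` line is visible. Add a line such as `@param bool $throttle Whether to register this failure with the brute-force throttle; pass false only for failures that are not credential guesses`. Documenting that `true` is the fail-safe default makes it less likely that a future caller disables throttling on a path where passwords are actually checked.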
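Review bot: Inside the new `if ($throttle)` block, `substr($user, 0, 64)` is still called on an untyped `$user` that the same function treats as nullable a few lines earlier (`$user !== null ? [...] : []`). If null can really reach this method, passing it to `substr()` is deprecated since PHP 8.1 and a TypeError under strict types; whether the file declares strict types is not visible here. Either declare `string $user` in the rewritten signature or cast at the use: `$response->throttle(['user' => substr((string)$user, 0, 64)]);`. The function body continues past the end of the hunk.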
@@ -534,7 +534,6 @@ public function testLoginWithoutPassedCsrfCheckAndNotLoggedIn(): void {
 $response = $this->loginController->tryLogin($loginChain, 'Jane', $password, $originalUrl);
 $expected = new RedirectResponse('');
- $expected->throttle(['user' => 'Jane']);
 $this->assertEquals($expected, $response);
 }