Merge pull request #955 from nextcloud/fix/noid/backchannel-logout-al…

…ways-400-on-error Backchannel logout endpoint should only return 200 or 400
nextcloud · Oct 8, 2024 · cdf2b0d · cdf2b0d
2 parents 7e80252 + 9b5d6c6
commit cdf2b0d
Showing 1 changed file with 4 additions and 9 deletions.
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
@@ -671,7 +671,6 @@ public function singleLogoutService() {
 	 *
 	 * @PublicPage
 	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=userOidcBackchannelLogout)
 	 *
 	 * @param string $providerIdentifier
 	 * @param string $logout_token
@@ -788,23 +787,19 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok
 	 * @param string $error
 	 * @param string $description
 	 * @param array $throttleMetadata
-	 * @param bool|null $throttle
 	 * @return JSONResponse
 	 */
-	private function getBackchannelLogoutErrorResponse(string $error, string $description,
-		array $throttleMetadata = [], ?bool $throttle = null): JSONResponse {
+	private function getBackchannelLogoutErrorResponse(
+		string $error, string $description, array $throttleMetadata = [],
+	): JSONResponse {
 		$this->logger->debug('Backchannel logout error. ' . $error . ' ; ' . $description);
-		$response = new JSONResponse(
+		return new JSONResponse(
 			[
 				'error' => $error,
 				'error_description' => $description,
 			],
 			Http::STATUS_BAD_REQUEST,
 		);
-		if (($throttle === null && !$this->isDebugModeEnabled()) || $throttle) {
-			$response->throttle($throttleMetadata);
-		}
-		return $response;
 	}
 
 	private function toCodeChallenge(string $data): string {