Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve failure handling in controllers #615

Merged
merged 3 commits into from
Apr 24, 2023
Merged

Improve failure handling in controllers #615

merged 3 commits into from
Apr 24, 2023

Conversation

julien-nc
Copy link
Member

@julien-nc julien-nc commented Apr 21, 2023
edited
Loading

Better handling of failures in:

  • Id4meController::login
  • Id4meController::code
  • LoginController::login
  • LoginController::code
  • LoginController::singleLogoutService
  • LoginController::backChannelLogout

@julien-nc julien-nc added the security Pull requests that address a security vulnerability label Apr 21, 2023
@julien-nc julien-nc changed the title Add bruteforce protection Improve failure handling in controllers Apr 21, 2023
nickvergessen
nickvergessen reviewed Apr 21, 2023
View reviewed changes
lib/Controller/Id4meController.php Outdated
@@ -117,6 +131,8 @@ public function __construct(
$this->id4MeMapper = $id4MeMapper;
$this->config = $config;
$this->l10n = $l10n;
$this->loginController = $loginController;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Injecting a controller into another cries for just creating a shared base class instead 🙈

@julien-nc julien-nc force-pushed the fix/bruteforce-protection branch 3 times, most recently from 0d327db to c3d54af Compare April 24, 2023 09:00
@juliusknorr juliusknorr mentioned this pull request Apr 24, 2023
Merged
@julien-nc
add bruteforce protection to the login controller
d61bbf1 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
@julien-nc
add bruteforce protection to the Id4Me controller
ae44248 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
@julien-nc
put response helper methods in a base class for login and id4me contr…
c249585 
…ollers

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
@julien-nc julien-nc merged commit 4f9bef7 into main Apr 24, 2023
@julien-nc julien-nc deleted the fix/bruteforce-protection branch April 24, 2023 17:11
@julien-nc julien-nc mentioned this pull request Apr 25, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@juliusknorr juliusknorr juliusknorr approved these changes

Assignees
No one assigned
Labels
security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@julien-nc @nickvergessen @juliusknorr