|
@@ -77,7 +77,7 @@ class VerificationController extends Controller {
|
|
|
* @NoAdminRequired
|
|
|
* @NoSubAdminRequired
|
|
|
*/
|
|
|
- public function showVerifyMail(string $token, string $userId, string $key) {
|
|
|
+ public function showVerifyMail(string $token, string $userId, string $key): TemplateResponse {
|
|
|
if ($this->userSession->getUser()->getUID() !== $userId) {
|
|
|
// not a public page, hence getUser() must return an IUser
|
|
|
throw new InvalidArgumentException('Logged in user is not mail address owner');
|
|
@@ -95,8 +95,10 @@ class VerificationController extends Controller {
|
|
|
/**
|
|
|
* @NoAdminRequired
|
|
|
* @NoSubAdminRequired
|
|
|
+ * @BruteForceProtection(action=emailVerification)
|
|
|
*/
|
|
|
- public function verifyMail(string $token, string $userId, string $key) {
|
|
|
+ public function verifyMail(string $token, string $userId, string $key): TemplateResponse {
|
|
|
+ $throttle = false;
|
|
|
try {
|
|
|
if ($this->userSession->getUser()->getUID() !== $userId) {
|
|
|
throw new InvalidArgumentException('Logged in user is not mail address owner');
|
|
@@ -118,9 +120,12 @@ class VerificationController extends Controller {
|
|
|
$this->accountManager->updateAccount($userAccount);
|
|
|
$this->verificationToken->delete($token, $user, 'verifyMail' . $ref);
|
|
|
} catch (InvalidTokenException $e) {
|
|
|
- $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED
|
|
|
- ? $this->l10n->t('Could not verify mail because the token is expired.')
|
|
|
- : $this->l10n->t('Could not verify mail because the token is invalid.');
|
|
|
+ if ($e->getCode() === InvalidTokenException::TOKEN_EXPIRED) {
|
|
|
+ $error = $this->l10n->t('Could not verify mail because the token is expired.');
|
|
|
+ } else {
|
|
|
+ $throttle = true;
|
|
|
+ $error = $this->l10n->t('Could not verify mail because the token is invalid.');
|
|
|
+ }
|
|
|
} catch (InvalidArgumentException $e) {
|
|
|
$error = $e->getMessage();
|
|
|
} catch (\Exception $e) {
|
|
@@ -128,10 +133,14 @@ class VerificationController extends Controller {
|
|
|
}
|
|
|
|
|
|
if (isset($error)) {
|
|
|
- return new TemplateResponse(
|
|
|
+ $response = new TemplateResponse(
|
|
|
'core', 'error', [
|
|
|
'errors' => [['error' => $error]]
|
|
|
], TemplateResponse::RENDER_AS_GUEST);
|
|
|
+ if ($throttle) {
|
|
|
+ $response->throttle();
|
|
|
+ }
|
|
|
+ return $response;
|
|
|
}
|
|
|
|
|
|
return new TemplateResponse(
|