Check if user logged in when resetting bruteforce guard.

Affects issues:
- Fixed #1402
Risto Lahtela 2020-04-14 12:26:37 +03:00
parent baf6fd1075
commit cbd6d5577a


@ -105,7 +105,7 @@ public class RequestHandler implements HttpHandler {
public Response getResponse(HttpExchange exchange) { public Response getResponse(HttpExchange exchange) {
String accessor = exchange.getRemoteAddress().getAddress().getHostAddress(); String accessor = exchange.getRemoteAddress().getAddress().getHostAddress();
Request request; Request request = null;
Response response; Response response;
try { try {
request = buildRequest(exchange); request = buildRequest(exchange);
@ -124,7 +124,10 @@ public class RequestHandler implements HttpHandler {
if (bruteForceGuard.shouldPreventRequest(accessor)) { if (bruteForceGuard.shouldPreventRequest(accessor)) {
response = responseFactory.failedLoginAttempts403(); response = responseFactory.failedLoginAttempts403();
} }
if (response.getCode() != 401 && response.getCode() != 403) { if (response.getCode() != 401 // Not failed
&& response.getCode() != 403 // Not blocked
&& (request != null && request.getUser().isPresent()) // Logged in
) {
bruteForceGuard.resetAttemptCount(accessor); bruteForceGuard.resetAttemptCount(accessor);
} }
return response; return response;
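Review bot: The reset in the second hunk is still keyed on `accessor` alone, so a single authenticated request from an address clears the failures recorded for every other username tried from that address, and a holder of any valid account can keep the counter under the block threshold. Consider counting failures per address and username, or clearing only the entry of the user that just authenticated; `bruteForceGuard`'s interface is not visible here, so this needs checking against its implementation. It is also worth confirming that `request.getUser().isPresent()` is true only once credentials have been verified rather than merely supplied, and recording that in the comment, e.g. `// Logged in: credentials verified, not just present`. `accessor` is taken from `exchange.getRemoteAddress()`, which behind a reverse proxy is presumably the proxy's address for every client, so the guard and this reset would then be shared by all users. The body of `getResponse` between the two hunks and after the final `return` is not shown.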