dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Add throttling for BotPasswords authentication attempts
[lhc/web/wiklou.git] / includes / api / ApiLogin.php
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index aa7e25e..9636789 100644 (file)
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -134,7 +134,7 @@ class ApiLogin extends ApiBase {
                                $session = $status->getValue();
                                $authRes = 'Success';
                                $loginType = 'BotPassword';
-                       } elseif ( !$botLoginData[2] ) {
+                       } elseif ( !$botLoginData[2] || $status->hasMessage( 'login-throttled' ) ) {
                                $authRes = 'Failed';
                                $message = $status->getMessage();
                                LoggerFactory::getInstance( 'authentication' )->info(
Wiklou, le Wiki du Wiklou