X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fuser%2FBotPassword.php;h=b898d8a5da443f8a73489c0fa1821f68cb2b8150;hp=25625e72c8c97712d438fec931741612c7af8851;hb=25390162c755eb19077310fc04b8f3d19bf1dc23;hpb=971a50c4f3c61fb3a4bec60cd712317bb8ddcb9a
diff --git a/includes/user/BotPassword.php b/includes/user/BotPassword.php
index 25625e72c8..b898d8a5da 100644
--- a/includes/user/BotPassword.php
+++ b/includes/user/BotPassword.php
@@ -437,7 +437,7 @@ class BotPassword implements IDBAccessObject {
 * @return Status On success, the good status's value is the new Session object
 */
 public static function login( $username, $password, WebRequest $request ) {
- global $wgEnableBotPasswords;
+ global $wgEnableBotPasswords, $wgPasswordAttemptThrottle;
 
 if ( !$wgEnableBotPasswords ) {
 return Status::newFatal( 'botpasswords-disabled' );
@@ -462,6 +462,20 @@ class BotPassword implements IDBAccessObject {
 return Status::newFatal( 'nosuchuser', $name );
 }
 
+ // Throttle
+ $throttle = null;
+ if ( !empty( $wgPasswordAttemptThrottle ) ) {
+ $throttle = new MediaWiki\Auth\Throttler( $wgPasswordAttemptThrottle, [
+ 'type' => 'botpassword',
+ 'cache' => ObjectCache::getLocalClusterInstance(),
+ ] );
+ $result = $throttle->increase( $user->getName(), $request->getIP(), __METHOD__ );
+ if ( $result ) {
+ $msg = wfMessage( 'login-throttled' )->durationParams( $result['wait'] );
+ return Status::newFatal( $msg );
+ }
+ }
+
 // Get the bot password
 $bp = self::newFromUser( $user, $appId );
 if ( !$bp ) {
@@ -480,6 +494,9 @@ class BotPassword implements IDBAccessObject {
 }
 
 // Ok! Create the session.
+ if ( $throttle ) {
+ $throttle->clear( $user->getName(), $request->getIP() );
+ }
 return Status::newGood( $provider->newSessionForRequest( $user, $bp, $request ) );
 }
 }
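Review bot: The throttle block is inserted after the `nosuchuser` early return visible in the context lines, so attempts that name a non-existent user are never counted and that path stays unthrottled. If this is deliberate, the bare `// Throttle` comment should say so, for example `// Throttle: counted for the user name and IP before the password is checked, so failed attempts count`. The docblock's `@return Status` line should also mention that a fatal `login-throttled` status can now be returned. login() begins and ends outside this hunk, so any earlier checks are not visible here.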
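Review bot: `clear()` is called with only `$user->getName()` and the request IP, while the password that just verified belongs to a single `$appId` (see `self::newFromUser( $user, $appId )` in the previous hunk), so a success with one bot password appears to reset the failure count for every bot password of that account from that IP. Accounts whose bot passwords carry different grants would probably want that either documented or avoided; at minimum add a comment such as `// Resets the counter for the whole user, not only this appId`. The password check itself lies between the hunks and is not visible here.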