lockout bugfix and version bump

2025-07-31 02:40:40 +02:00 · 2023-01-20 16:45:35 +01:00
parent 16a856a14b
commit d0936b92c1
4 changed files with 36 additions and 26 deletions
--- a/backend/Controllers/AuthController.php
+++ b/backend/Controllers/AuthController.php
@@ -33,14 +33,6 @@ class AuthController
        $password = $request->input('password');
        $ip = $request->getClientIp();

-        if ($auth->authenticate($username, $password)) {
-            $this->logger->log("Logged in {$username} from IP ".$ip);
-
-            return $response->json($auth->user());
-        }
-
-        $this->logger->log("Login failed for {$username} from IP ".$ip);
-
        $lockfile = md5($ip).'.lock';
        $lockout_attempts = $config->get('lockout_attempts', 5);
        $lockout_timeout = $config->get('lockout_timeout', 15);
@@ -55,6 +47,14 @@ class AuthController
            return $response->json('Not Allowed', 429);
        }

+        if ($auth->authenticate($username, $password)) {
+            $this->logger->log("Logged in {$username} from IP ".$ip);
+
+            return $response->json($auth->user());
+        }
+
+        $this->logger->log("Login failed for {$username} from IP ".$ip);
+
        $tmpfs->write($lockfile, 'x', true);

        return $response->json('Login failed, please try again', 422);