Revision c3509382
Added by Timo Goebel about 5 years ago
| app/controllers/api/graphql_controller.rb | ||
|---|---|---|
|
true
|
||
|
end
|
||
|
|
||
|
def authenticate
|
||
|
if bruteforce_attempt?
|
||
|
log_bruteforce
|
||
|
render_error('Bruteforce attempt.', status: :unauthorized)
|
||
|
return false
|
||
|
end
|
||
|
|
||
|
authenticated = super
|
||
|
|
||
|
count_login_failure if available_sso.present? && !authenticated
|
||
|
|
||
|
authenticated
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def execute_multiplexed_graphql_query
|
||
| ... | ... | |
|
|
||
|
def generic_exception(exception)
|
||
|
Foreman::Logging.exception('Action failed', exception)
|
||
|
render json: "{ 'error': 500 }", :status => :internal_server_error
|
||
|
render_error
|
||
|
end
|
||
|
|
||
|
def render_error(error = 'An error occured.', options = {})
|
||
|
options[:status] ||= :internal_server_error
|
||
|
render options.merge(json: {error: error})
|
||
|
end
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
fixes #26669 - graphql brute force protection