From c1b8f152d8faeabe44c6276033c82d2c6453326d Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 22 Apr 2017 07:59:40 +0200
Subject: [PATCH] Add rate limit to TOTP solve challenge controller

Fixes https://github.com/nextcloud/server/issues/2626

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 core/Controller/TwoFactorChallengeController.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index fd4811d3ff..9f379ad30d 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -143,6 +143,8 @@ class TwoFactorChallengeController extends Controller {
 	 * @NoCSRFRequired
 	 * @UseSession
 	 *
+	 * @UserRateThrottle(limit=5, period=100)
+	 *
 	 * @param string $challengeProviderId
 	 * @param string $challenge
 	 * @param string $redirect_url