From 42300d19e909978044fe2d3fc34322f04195fd9b Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Mon, 13 Aug 2018 15:52:09 +0200
Subject: [PATCH] Fix max length requirements for the throttler metadata

If a failed login is logged, we save the username as metadata
in the bruteforce throttler. To prevent database errors due to
very long strings, this truncates the username at 64 bytes on
the assumption that no real username is longer than that.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 core/Controller/LoginController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 5db650c4c47..09b6fe54384 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -382,7 +382,7 @@ class LoginController extends Controller {
 		$response = new RedirectResponse(
 			$this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)
 		);
-		$response->throttle(['user' => $user]);
+		$response->throttle(['user' => substr($user, 0, 64)]);
 		$this->session->set('loginMessages', [
 			[$loginMessage], []
 		]);
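Review bot: `substr($user, 0, 64)` cuts at a byte offset, so a username containing multibyte UTF-8 characters can be split in the middle of a character, leaving an invalid byte sequence in the throttler metadata. The value is client-supplied on a failed login, so depending on how the throttler serialises and stores metadata (not visible in this hunk), that may bring back the storage error this patch is meant to prevent, or drop the attempt from the brute-force log. Consider `$response->throttle(['user' => mb_strcut($user, 0, 64, 'UTF-8')]);`, which stays within 64 bytes but ends on a character boundary. A short comment such as `// throttler metadata is length-limited; keep the username within 64 bytes` would also explain the constant. The enclosing method starts and ends outside the hunk, so other `throttle()` call sites that may need the same limit cannot be checked from here.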
-- 
GitLab