From db88a00d48d1dce48b8700e460c06ff7fb344f0a Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 1 Aug 2015 12:14:22 -0400
Subject: Add bruteforce protection

---
 app/Api/Auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Api/Auth.php')

diff --git a/app/Api/Auth.php b/app/Api/Auth.php
index 9d401746..18fe9ff9 100644
--- a/app/Api/Auth.php
+++ b/app/Api/Auth.php
@@ -26,7 +26,7 @@ class Auth extends Base
     {
         $this->container['dispatcher']->dispatch('api.bootstrap', new Event);
 
-        if ($username !== 'jsonrpc' && $this->authentication->authenticate($username, $password)) {
+        if ($username !== 'jsonrpc' && ! $this->authentication->hasCaptcha($username) && $this->authentication->authenticate($username, $password)) {
             $this->checkProcedurePermission(true, $method);
             $this->userSession->refresh($this->user->getByUsername($username));
         }
-- 
cgit v1.2.3