From c2393fb7123910eedfcf828eef6ce37ec2c1799f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20M=C3=BCller?= <marcel-mueller@gmx.de>
Date: Sat, 28 Oct 2023 18:36:43 +0200
Subject: [PATCH] Reset BFP for sudo action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
---
 core/Controller/LoginController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index af43f2d4c4a..39ffcc81ac1 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -360,12 +360,13 @@ class LoginController extends Controller {
 		$loginResult = $this->userManager->checkPassword($loginName, $password);
 		if ($loginResult === false) {
 			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
-			$response->throttle();
+			$response->throttle(['loginName' => $loginName]);
 			return $response;
 		}
 
 		$confirmTimestamp = time();
 		$this->session->set('last-password-confirm', $confirmTimestamp);
+		$this->throttler->resetDelay($this->request->getRemoteAddress(), 'sudo', ['loginName' => $loginName]);
 		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
 	}
 }