Merge pull request #4205 from nextcloud/backport/4203/stable26

[stable26] fix: Properly throttle in error cases and add rate limit for public file creation

Author: juliusknorr

lib/Controller/DocumentAPIController.php

@@ -78,6 +78,7 @@ public function __construct(IRequest $request, IRootFolder $rootFolder, IManager
 	 * @NoAdminRequired
 	 * @PublicPage
 	 * @BruteForceProtection(action=richdocumentsCreatePublic)
+	 * @AnonRateThrottle(limit: 5, period: 120)
 	 */
 	public function create(string $mimeType, string $fileName, string $directoryPath = '/', string $shareToken = null, ?int $templateId = null): JSONResponse {
 		try {
@@ -105,10 +106,12 @@ public function create(string $mimeType, string $fileName, string $directoryPath
 			}
 		} catch (Throwable $e) {
 			$this->logger->error('Failed to create document', ['exception' => $e]);
-			return new JSONResponse([
+			$response = new JSONResponse([
 				'status' => 'error',
 				'message' => $this->l10n->t('Cannot create document')
 			], Http::STATUS_BAD_REQUEST);
+			$response->throttle();
+			return $response;
 		}
 
 		$basename = $this->l10n->t('New Document.odt');