github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: rate limit user/password login

Browse Source
This commit is contained in:
Sam
2014-09-25 10:06:44 +10:00
parent ffa11bd1d6
commit d53e01619f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/session_controller.rb
View File

@ -51,6 +51,9 @@ class SessionController < ApplicationController
return
end
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", 30, 1.hour).performed!
RateLimiter.new(nil, "login-min-#{request.remote_ip}", 6, 1.minute).performed!
params.require(:login)
params.require(:password)