DEV: Move logic for rate limiting user second factor to one place (#11941)

This moves all the rate limiting for user second factor (based on `params[:second_factor_token]` existing) to the one place, which rate limits by IP and also by username if a user is found.
Martin Brennan
2021-02-04 09:03:30 +10:00
committed by GitHub
parent 61f5d501cb
commit e58f9f7a55
7 changed files with 132 additions and 25 deletions

@ -77,7 +77,7 @@ class UsersEmailController < ApplicationController
redirect_url = path("/u/confirm-new-email/#{params[:token]}")
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed! if params[:second_factor_token].present?
rate_limit_second_factor!(@user)
if !@error
# this is needed becase the form posts this field as JSON and it can be a
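Review bot: at the `rate_limit_second_factor!(@user)` call, nothing at the call site shows that limiting applies only when `params[:second_factor_token]` is present, which the inline `RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute)` line above it makes explicit with its trailing `if`. A short comment at the call, or a helper name that carries the condition, would keep readers from assuming every request to this action is counted. The commit message says the username limit applies only if a user is found, so the helper has to accept a nil `@user`; a spec for this action covering that case would pin it down. Please also confirm that only one of these two calls remains after the change, since keeping both would count each attempt twice against the per-IP limit of 3 per minute.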