github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-16 05:53:47 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: rate limit user/password login

Browse Source
This commit is contained in:
Sam 2014-09-25 10:06:44 +10:00
parent f02898f834
commit 48145e8e23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/session_controller.rb
View File

@ -51,6 +51,9 @@ class SessionController < ApplicationController
return
end
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", 30, 1.hour).performed!
RateLimiter.new(nil, "login-min-#{request.remote_ip}", 6, 1.minute).performed!
params.require(:login)
params.require(:password)