github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-19 08:42:44 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: rate limit by login on password reset

Browse Source
This commit is contained in:
Sam 2016-12-19 11:03:07 +11:00
parent 0599bd0154
commit dd383300b1
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/session_controller.rb
View File

@ -218,6 +218,9 @@ class SessionController < ApplicationController
RateLimiter.new(nil, "forgot-password-hr-#{request.remote_ip}", 6, 1.hour).performed! RateLimiter.new(nil, "forgot-password-hr-#{request.remote_ip}", 6, 1.hour).performed!
RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed! RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
RateLimiter.new(nil, "forgot-password-login-hour-#{params[:login].to_s[0..100]}", 12, 1.hour).performed!
RateLimiter.new(nil, "forgot-password-login-min-#{params[:login].to_s[0..100]}", 3, 1.minute).performed!
user = User.find_by_username_or_email(params[:login]) user = User.find_by_username_or_email(params[:login])
user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID && !user.staged user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID && !user.staged
if user_presence if user_presence