Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 10:50:21 +08:00
Code Packages Activity Actions 13

FIX: Missing 2FA guards when sso is enabled or when local login is disabled.

Browse source
This commit is contained in:
Guo Xiang Tan 2018-03-02 10:37:13 +08:00
parent e19ae6c55e
commit 939180efa8
4 changed files with 46 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
app/controllers/users_controller.rb
View file

@ -952,6 +952,7 @@ class UsersController < ApplicationController
end
def create_second_factor
raise Discourse::NotFound if SiteSetting.enable_sso || !SiteSetting.enable_local_logins
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed!
RateLimiter.new(nil, "login-min-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_minute, 1.minute).performed!