Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-08 12:06:51 +08:00
Code Packages Activity Actions 1

DEV: Move logic for rate limiting user second factor to one place (#11941)

Browse source 
This moves all the rate limiting for user second factor (based on `params[:second_factor_token]` existing) to the one place, which rate limits by IP and also by username if a user is found.
This commit is contained in:
Martin Brennan 2021-02-04 09:03:30 +10:00 committed by GitHub
parent 61f5d501cb
commit e58f9f7a55
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 132 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/controllers/application_controller.rb
View file

@ -542,6 +542,16 @@ class ApplicationController < ActionController::Base
end
end
def rate_limit_second_factor!(user)
return if params[:second_factor_token].blank?
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 6, 1.minute).performed!
if user
RateLimiter.new(nil, "second-factor-min-#{user.username}", 6, 1.minute).performed!
end
end
private
def locale_from_header