Fix password reset rate limit to work on ip, not email which changes every request

James Allen 2014-06-25 10:46:58 +01:00
parent cb682ac584
commit 5aa7daa951


@ -11,13 +11,13 @@ module.exports =
requestReset: (req, res)->
email = req.body.email.trim().toLowerCase()
opts =
endpointName:"auto_compile"
timeInterval:60
subjectName:email
throttle: 3
endpointName: "password_reset_rate_limit"
timeInterval: 60
subjectName: req.ip
throttle: 6
RateLimiter.addCount opts, (err, canCompile)->
if !canCompile
return res.send 500
return res.send 500, { message: "Rate limit hit. Please wait a while before retrying" }
PasswordResetHandler.generateAndEmailResetToken email, (err)->
if err?
res.send 500, {message:err?.message}
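Review bot: Keying the limiter on `subjectName: req.ip` makes it depend on how the app sits behind its proxy, which this hunk does not show. Assuming this is an Express app, an unset `trust proxy` behind a reverse proxy or load balancer makes `req.ip` the proxy's address, so all users share one bucket of 6 resets per 60 seconds; a setting that trusts every hop lets the client-supplied `X-Forwarded-For` header pick the bucket. A comment above `opts` such as `# req.ip is only reliable when 'trust proxy' matches the real proxy hop count` would record that dependency. Separately, the limit-hit branch still answers 500 and ignores `err` from `RateLimiter.addCount`; `return res.send 429, { message: "Rate limit hit. Please wait a while before retrying" }` would let clients and monitoring tell throttling from a server failure. The body of `requestReset` continues past the end of the hunk.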