Merge branch 'master' into master-redesign

2025-02-02 17:20:57 +00:00 · 2014-06-25 12:14:26 +01:00 · 2014-06-25 12:14:26 +01:00 · d214b5dc5e
commit d214b5dc5e
parent d2ac9a1e9f 341570d85d
4 changed files with 21 additions and 7 deletions
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
@ -11,13 +11,13 @@ module.exports =
 	requestReset: (req, res)->
 		email = req.body.email.trim().toLowerCase()
 		opts = 
-			endpointName:"auto_compile"
-			timeInterval:60
-			subjectName:email
-			throttle: 3
+			endpointName: "password_reset_rate_limit"
+			timeInterval: 60
+			subjectName: req.ip
+			throttle: 6
 		RateLimiter.addCount opts, (err, canCompile)->
 			if !canCompile
-				return res.send 500
+				return res.send 500, { message: "Rate limit hit. Please wait a while before retrying" }
 			PasswordResetHandler.generateAndEmailResetToken email, (err)->
 				if err?
 					res.send 500, {message:err?.message}
--- a/services/web/app/coffee/infrastructure/Server.coffee
+++ b/services/web/app/coffee/infrastructure/Server.coffee
@ -37,14 +37,16 @@ ignoreCsrfRoutes = []
 app.ignoreCsrf = (method, route) ->
 	ignoreCsrfRoutes.push new express.Route(method, route)

-app.configure ()->
+app.configure () ->
+	if Settings.behindProxy
+		app.enable('trust proxy')
 	app.use express.static(__dirname + '/../../../public', {maxAge: staticCacheAge })
 	app.set 'views', __dirname + '/../../views'
 	app.set 'view engine', 'jade'
 	app.use express.bodyParser(uploadDir: Settings.path.uploadFolder)
 	app.use cookieParser
 	app.use express.session
-		proxy: true
+		proxy: Settings.behindProxy
 		cookie:
 			maxAge: cookieSessionLength
 			secure: Settings.secureCookie
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@ -189,6 +189,13 @@ module.exports = class Router
 				userCanSeeDropbox: true
 				languages: []

+		app.get "/ip", (req, res, next) ->
+			res.send({
+				ip: req.ip
+				ips: req.ips
+				headers: req.headers
+			})
+
 		app.get '/oops-express', (req, res, next) -> next(new Error("Test error"))
 		app.get '/oops-internal', (req, res, next) -> throw new Error("Test error")
 		app.get '/oops-mongo', (req, res, next) ->
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@ -191,6 +191,11 @@ module.exports =
 	# cookie with a secure flag (recommended).
 	secureCookie: false

+	# If you are running ShareLaTeX behind a proxy (like Apache, Nginx, etc)
+	# then set this to true to allow it to correctly detect the forwarded IP
+	# address and http/https protocol information.
+	behindProxy: false
+
 	# Internal configs
 	# ----------------
 	path: