overleaf/services/web/test/unit
Antoine Clausse 5f2718cf29 [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555)
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`

* Lowercase the email to avoid rate-limit bypass

* Remove unit test "when the users rate limit"

* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`

This should address the `trim()` bypass

* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`

We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"

* Add acceptance test for rate limit

* Add comment on rate limits

* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity

* Make the login rate limits configurable from the settings

GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
2024-07-30 08:04:26 +00:00
..
src [web] Make rate-limit on login consistent, prevent "trim/case bypass" (#19555) 2024-07-30 08:04:26 +00:00
bootstrap.js [web] Promisify ProjectController (#18477) 2024-05-30 08:04:36 +00:00
tsconfig.json Merge pull request #16353 from overleaf/em-typescript-in-web-backend 2024-01-04 09:03:43 +00:00