Rate limit password forgot
parent
b4e15cb27f
commit
85ba9e96a0
3 changed files with 9 additions and 0 deletions
|
@ -1,5 +1,6 @@
|
|||
using System;
|
||||
using System.Globalization;
|
||||
using System.Security.Policy;
|
||||
using System.Threading.Tasks;
|
||||
using BTCPayServer.Abstractions.Constants;
|
||||
using BTCPayServer.Abstractions.Extensions;
|
||||
|
@ -34,6 +35,7 @@ namespace BTCPayServer.Controllers
|
|||
readonly Configuration.BTCPayServerOptions _Options;
|
||||
private readonly BTCPayServerEnvironment _btcPayServerEnvironment;
|
||||
public U2FService _u2FService;
|
||||
private readonly RateLimitService _rateLimitService;
|
||||
private readonly EventAggregator _eventAggregator;
|
||||
readonly ILogger _logger;
|
||||
|
||||
|
@ -45,6 +47,7 @@ namespace BTCPayServer.Controllers
|
|||
Configuration.BTCPayServerOptions options,
|
||||
BTCPayServerEnvironment btcPayServerEnvironment,
|
||||
U2FService u2FService,
|
||||
RateLimitService rateLimitService,
|
||||
EventAggregator eventAggregator)
|
||||
{
|
||||
_userManager = userManager;
|
||||
|
@ -54,6 +57,7 @@ namespace BTCPayServer.Controllers
|
|||
_Options = options;
|
||||
_btcPayServerEnvironment = btcPayServerEnvironment;
|
||||
_u2FService = u2FService;
|
||||
_rateLimitService = rateLimitService;
|
||||
_eventAggregator = eventAggregator;
|
||||
_logger = Logs.PayServer;
|
||||
}
|
||||
|
@ -553,6 +557,8 @@ namespace BTCPayServer.Controllers
|
|||
// Don't reveal that the user does not exist or is not confirmed
|
||||
return RedirectToAction(nameof(ForgotPasswordConfirmation));
|
||||
}
|
||||
if (!await _rateLimitService.Throttle(ZoneLimits.ForgotPassword, user.NormalizedEmail))
|
||||
return new TooManyRequestsResult(ZoneLimits.ForgotPassword);
|
||||
_eventAggregator.Publish(new UserPasswordResetRequestedEvent()
|
||||
{
|
||||
User = user, RequestUri = Request.GetAbsoluteRootUri()
|
||||
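Review bot: The throttle at `if (!await _rateLimitService.Throttle(ZoneLimits.ForgotPassword, user.NormalizedEmail))` runs only after the lookup has already returned the redirect for unknown or unconfirmed accounts, so once the burst is exhausted an existing account answers with TooManyRequestsResult while an unknown address still gets the ForgotPasswordConfirmation redirect — the response now reveals exactly what the comment on the preceding lines says must not be revealed. Throttling before the lookup, keyed on the submitted address normalized the same way (or on the client address), and returning the same redirect when throttled keeps the two outcomes indistinguishable. The enclosing ForgotPassword action begins and ends outside this hunk. Separately, `using System.Security.Policy;` in the first hunk of this file is not referenced by anything added here; if it is the one addition in that hunk it looks like a stray auto-import and can be dropped.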
|
|
|
@ -411,6 +411,7 @@ namespace BTCPayServer.Hosting
|
|||
rateLimits.SetZone($"zone={ZoneLimits.Register} rate=1000r/min burst=100 nodelay");
|
||||
rateLimits.SetZone($"zone={ZoneLimits.PayJoin} rate=1000r/min burst=100 nodelay");
|
||||
rateLimits.SetZone($"zone={ZoneLimits.Shopify} rate=1000r/min burst=100 nodelay");
|
||||
rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=1r/d burst=3 nodelay");
|
||||
}
|
||||
else
|
||||
{
|
||||
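Review bot: `rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=1r/d burst=3 nodelay");` applies the same one-per-day limit in both branches, whereas every other zone in this branch is set to a permissive 1000r/min and to a strict value in the other branch (next hunk of this section); if this branch is the relaxed configuration used for development or tests, a three-request daily budget per address will throttle repeated password-reset attempts against the same account within one run. Consider a permissive value here such as `rate=1000r/min burst=100 nodelay` to match the neighbouring zones, keeping `rate=1r/d burst=3 nodelay` only in the strict branch. Also confirm the zone parser accepts the `d` unit, since every other zone on this page uses `r/min`. The surrounding lambda opens before this hunk and closes in the next.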
|
@ -418,6 +419,7 @@ namespace BTCPayServer.Hosting
|
|||
rateLimits.SetZone($"zone={ZoneLimits.Register} rate=2r/min burst=2 nodelay");
|
||||
rateLimits.SetZone($"zone={ZoneLimits.PayJoin} rate=5r/min burst=3 nodelay");
|
||||
rateLimits.SetZone($"zone={ZoneLimits.Shopify} rate=20r/min burst=3 nodelay");
|
||||
rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=1r/d burst=3 nodelay");
|
||||
}
|
||||
return rateLimits;
|
||||
});
|
||||
|
|
|
@ -6,5 +6,6 @@ namespace BTCPayServer
|
|||
public const string Register = "btcpayregister";
|
||||
public const string PayJoin = "PayJoin";
|
||||
public const string Shopify = nameof(Shopify);
|
||||
public static string ForgotPassword = "forgotpassword";
|
||||
}
|
||||
}
|
||||
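Review bot: `public static string ForgotPassword = "forgotpassword";` is a mutable public static field while its siblings are `const`, so any code can reassign the zone name at runtime and the value cannot be used where a compile-time constant is required. Declare it `public const string ForgotPassword = "forgotpassword";` to match `Register` and `PayJoin` (or `public const string ForgotPassword = nameof(ForgotPassword);` following `Shopify`). Since this string is the key that ties the SetZone registration to the Throttle call, keeping it immutable guarantees both sides always name the same bucket.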
|
|