Fix ratelimiter for forgotpassword
This commit is contained in:
parent
85ba9e96a0
commit
b7b6cef880
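--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -547,6 +547,7 @@ namespace BTCPayServer.Controllers
 [HttpPost]
 [AllowAnonymous]
 [ValidateAntiForgeryToken]
+[RateLimitsFilter(ZoneLimits.ForgotPassword, Scope = RateLimitsScope.RemoteAddress)]
 public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
 {
 if (ModelState.IsValid)
@@ -557,8 +558,6 @@ namespace BTCPayServer.Controllers
 // Don't reveal that the user does not exist or is not confirmed
 return RedirectToAction(nameof(ForgotPasswordConfirmation));
 }
-if (!await _rateLimitService.Throttle(ZoneLimits.ForgotPassword, user.NormalizedEmail))
-return new TooManyRequestsResult(ZoneLimits.ForgotPassword);
 _eventAggregator.Publish(new UserPasswordResetRequestedEvent()
 {
 User = user, RequestUri = Request.GetAbsoluteRootUri()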
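Review bot: With the per-email Throttle call removed in the second hunk, nothing left in this action bounds how many reset emails a single account can be sent; the new RateLimitsFilter keys on RemoteAddress only, so the per-account budget the old code enforced is gone. A per-account limit that fails silently would keep that bound without bringing back the old 429 response, which disclosed that the address belonged to an existing user, e.g. `if (!await _rateLimitService.Throttle(ZoneLimits.ForgotPassword, user.NormalizedEmail)) return RedirectToAction(nameof(ForgotPasswordConfirmation));` in place of the removed lines. Whether RemoteAddress reflects the end client or an upstream proxy depends on forwarded-headers configuration that is not visible here, so the per-address budget is only as good as that setup. ForgotPassword's body continues past the end of the second hunk.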
@ -411,7 +411,7 @@ namespace BTCPayServer.Hosting
rateLimits.SetZone($"zone={ZoneLimits.Register} rate=1000r/min burst=100 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.Register} rate=1000r/min burst=100 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.PayJoin} rate=1000r/min burst=100 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.PayJoin} rate=1000r/min burst=100 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.Shopify} rate=1000r/min burst=100 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.Shopify} rate=1000r/min burst=100 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=1r/d burst=3 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=5r/d burst=3 nodelay");
}
}
else
else
{
{
@ -419,7 +419,7 @@ namespace BTCPayServer.Hosting
rateLimits.SetZone($"zone={ZoneLimits.Register} rate=2r/min burst=2 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.Register} rate=2r/min burst=2 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.PayJoin} rate=5r/min burst=3 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.PayJoin} rate=5r/min burst=3 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.Shopify} rate=20r/min burst=3 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.Shopify} rate=20r/min burst=3 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=1r/d burst=3 nodelay");
rateLimits.SetZone($"zone={ZoneLimits.ForgotPassword} rate=5r/d burst=5 nodelay");
}
}
return rateLimits;
return rateLimits;
});
});
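Review bot: The two ForgotPassword zones end up with different bursts (`burst=3` in the first hunk, `burst=5` in the second) and nothing explains why the branches diverge, while every other zone pair on this page differs only in rate. Since the controller on this page now keys this zone by remote address, the `5r/d` budget is shared by every client behind one NAT or proxy egress, which is worth stating next to the definition; a comment such as `// ForgotPassword is keyed per remote address by RateLimitsFilter, so this daily budget is shared by all clients behind one source address` on the SetZone line would make the intended trade-off explicit. The condition that selects between the two branches, and the method enclosing the `rateLimits` lambda, lie outside both hunks, so I cannot tell which branch is the production one.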
@ -6,6 +6,6 @@ namespace BTCPayServer
public const string Register = "btcpayregister";
public const string Register = "btcpayregister";
public const string PayJoin = "PayJoin";
public const string PayJoin = "PayJoin";
public const string Shopify = nameof(Shopify);
public const string Shopify = nameof(Shopify);
public static string ForgotPassword = "forgotpassword";
public const string ForgotPassword = "forgotpassword";
}
}
}
}
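Review bot: The reason ForgotPassword must be `const` rather than `static` is not recorded anywhere in this class, yet it is load-bearing: the controller hunk on this page passes `ZoneLimits.ForgotPassword` as an attribute argument, which the compiler only accepts for compile-time constants, so reverting to `static` would be a build break rather than a style regression. A one-line comment above the field group, `// Zone names are used as attribute arguments (RateLimitsFilter); they must stay const`, would protect the invariant. The class declaration itself starts above the hunk.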