Add at most 10 password reset requests per 5 minutes and IP range

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-22 08:12:54 +02:00 · 2017-04-22 08:12:54 +02:00 · d0d34d308a
parent 363d1c69dd
commit d0d34d308a
2 changed files with 4 additions and 1 deletions
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@ -206,6 +206,7 @@ class LostController extends Controller {
 	/**
 	 * @PublicPage
 	 * @BruteForceProtection(action=passwordResetEmail)
+	 * @AnonRateThrottle(limit=10, period=300)
 	 *
 	 * @param string $user
 	 * @return JSONResponse
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@ -31,7 +31,9 @@ OC.Lostpassword = {
 						user : $('#user').val()
 					},
 					OC.Lostpassword.sendLinkDone
-				);
+				).fail(function() {
+					OC.Lostpassword.sendLinkError(OC.Lostpassword.sendErrorMsg);
+				});
 			}
 		}
 	},