Add at most 10 password reset requests per 5 minutes and IP range

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2017-04-22 08:12:54 +02:00
parent 363d1c69dd
commit d0d34d308a
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
2 changed files with 4 additions and 1 deletions

View File

@ -206,6 +206,7 @@ class LostController extends Controller {
/** /**
* @PublicPage * @PublicPage
* @BruteForceProtection(action=passwordResetEmail) * @BruteForceProtection(action=passwordResetEmail)
* @AnonRateThrottle(limit=10, period=300)
* *
* @param string $user * @param string $user
* @return JSONResponse * @return JSONResponse

View File

@ -31,7 +31,9 @@ OC.Lostpassword = {
user : $('#user').val() user : $('#user').val()
}, },
OC.Lostpassword.sendLinkDone OC.Lostpassword.sendLinkDone
); ).fail(function() {
OC.Lostpassword.sendLinkError(OC.Lostpassword.sendErrorMsg);
});
} }
} }
}, },