Page MenuHomePhabricator
Differential D14105

Add `bin/auth unlimit` and clean up a TODO
ClosedPublic
Actions

Authored by epriestley on Sep 13 2015, 10:41 PM.
Tags
None
Referenced Files
F18108525: D14105.diff
Mon, Aug 11, 7:23 AM
F17803184: D14105.diff
Fri, Jul 25, 9:55 AM
F17762643: D14105.diff
Tue, Jul 22, 10:22 PM
F17641933: D14105.id34090.diff
Jul 11 2025, 8:06 PM
F17633614: D14105.id34089.diff
Jul 10 2025, 7:25 PM
F17609318: D14105.diff
Jul 9 2025, 6:38 AM
Unknown Object (File)
Jun 26 2025, 10:14 AM
Unknown Object (File)
May 25 2025, 12:36 AM
View All Files
Subscribers
joshuaspence

Details

Reviewers
chad
Commits
Restricted Diffusion Commit
rP0449a07f537d: Add `bin/auth unlimit` and clean up a TODO
Summary

I stumbled across this TODO and was worried that there was a glaring hole in MFA that I'd somehow forgotten about, but the TODO is just out of date.

These actions are rate limited properly by PhabricatorAuthTryFactorAction, which permits a maximum of 10 actions per hour.

  • Remove the TODO.
  • Add bin/auth unlimit to make it easier to reset rate limits if someone needs to do that for whatever reason.
Test Plan
  • Tried to brute force through MFA.
  • Got rate limited properly after 10 failures.
  • Reset rate limit with bin/auth unlimit.
  • Saw the expected number of actions clear.

Screen Shot 2015-09-13 at 3.31.49 PM.png (940×1 px, 149 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 34089.Sep 13 2015, 10:41 PM
epriestley retitled this revision from to Add `bin/auth unlimit` and clean up a TODO.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad accepted this revision.Sep 14 2015, 1:22 AM
chad edited edge metadata.
This revision is now accepted and ready to land.Sep 14 2015, 1:22 AM
joshuaspence added a subscriber: joshuaspence.Sep 14 2015, 9:24 AM
joshuaspence added inline comments.
src/applications/auth/management/PhabricatorAuthManagementUnlimitWorkflow.php
34

--user should be parameterized.

55

As above.

Closed by commit rP0449a07f537d: Add `bin/auth unlimit` and clean up a TODO (authored by epriestley, committed by epriestley). · Explain WhySep 14 2015, 2:03 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
2 lines
applications/
auth/
factor/
3 lines
management/
67 lines
system/
engine/
31 lines

Diff 34090

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/auth/factor/PhabricatorTOTPAuthFactor.php

Loading...
View Options

src/applications/auth/management/PhabricatorAuthManagementUnlimitWorkflow.php

Loading...
View Options

src/applications/system/engine/PhabricatorSystemActionEngine.php

Loading...
Phabricator · Built by Phacility