Page MenuHomePhabricator
Differential D20666

Add a rate limit to generating new account recovery links for a given account
ClosedPublic
Actions

Authored by epriestley on Jul 19 2019, 4:42 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 7:11 PM
Unknown Object (File)
Oct 22 2024, 11:57 PM
Unknown Object (File)
Oct 20 2024, 10:03 AM
Unknown Object (File)
Oct 10 2024, 12:40 PM
Unknown Object (File)
Sep 24 2024, 7:25 AM
Unknown Object (File)
Sep 6 2024, 6:34 AM
Unknown Object (File)
Sep 6 2024, 6:34 AM
Unknown Object (File)
Sep 6 2024, 6:34 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13343: Make "Send a login link to your email address" email include why it was sent to avoid confusion
Commits
rP80294e7a4ad1: Add a rate limit to generating new account recovery links for a given account
Summary

Depends on D20665. Ref T13343. We support CAPTCHAs on the "Forgot password?" flow, but not everyone configures them (or necessarily should, since ReCAPTCHA is a huge external dependency run by Google that requires you allow Google to execute JS on your domain) and the rate at which any reasonable user needs to take this action is very low.

Put a limit on the rate at which account recovery links may be generated for a particular account, so the worst case is a trickle of annoyance rather than a flood of nonsense.

Test Plan

Screen Shot 2019-07-19 at 9.39.15 AM.png (729×1 px, 139 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

Diff 49306

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/auth/action/PhabricatorAuthEmailLoginAction.php

Loading...
View Options

src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php

Loading...
Phabricator · Built by Phacility