Page MenuHomePhabricator

Rate limit multi-factor actions
ClosedPublic

Authored by epriestley on Apr 30 2014, 4:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 15, 6:15 PM
Unknown Object (File)
Wed, Dec 11, 6:57 AM
Unknown Object (File)
Wed, Dec 11, 6:57 AM
Unknown Object (File)
Wed, Dec 11, 5:39 AM
Unknown Object (File)
Wed, Dec 11, 4:54 AM
Unknown Object (File)
Sun, Dec 8, 3:24 AM
Unknown Object (File)
Tue, Dec 3, 3:05 AM
Unknown Object (File)
Nov 14 2024, 8:34 AM
Subscribers

Details

Reviewers
btrahan
Maniphest Tasks
T4398: Implement two-factor authentication
Commits
Restricted Diffusion Commit
rP23e654ec2bc8: Rate limit multi-factor actions
Summary

Ref T4398. Prevent users from brute forcing multi-factor auth by rate limiting attempts. This slightly refines the rate limiting to allow callers to check for a rate limit without adding points, and gives users credit for successfully completing an auth workflow.

Test Plan

Tried to enter hisec with bad credentials 11 times in a row, got rate limited.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley retitled this revision from to Rate limit multi-factor actions.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
btrahan edited edge metadata.
This revision is now accepted and ready to land.Apr 30 2014, 6:32 PM
epriestley updated this revision to Diff 21167.

Closed by commit rP23e654ec2bc8 (authored by @epriestley).