HomePhabricator
Diffusion Phabricator 0449a07f537d

Add `bin/auth unlimit` and clean up a TODO
0449a07f537d
Actions

Description

Add bin/auth unlimit and clean up a TODO

Summary:
I stumbled across this TODO and was worried that there was a glaring hole in MFA that I'd somehow forgotten about, but the TODO is just out of date.

These actions are rate limited properly by PhabricatorAuthTryFactorAction, which permits a maximum of 10 actions per hour.

  • Remove the TODO.
  • Add bin/auth unlimit to make it easier to reset rate limits if someone needs to do that for whatever reason.

Test Plan:

  • Tried to brute force through MFA.
  • Got rate limited properly after 10 failures.
  • Reset rate limit with bin/auth unlimit.
  • Saw the expected number of actions clear.

Screen Shot 2015-09-13 at 3.31.49 PM.png (940×1 px, 149 KB)

Reviewers: chad

Reviewed By: chad

Subscribers: joshuaspence

Differential Revision: https://secure.phabricator.com/D14105

Details

Provenance
epriestleyAuthored on
epriestleyPushed on Sep 14 2015, 2:03 PM
Reviewer
chad
Differential Revision
D14105: Add `bin/auth unlimit` and clean up a TODO
Parents
rP6bd8ee861ca7: Use PEAR Text_Figlet to render figlet fonts
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
src/
applications/
auth/
factor/
management/
system/
engine/

rP0449a07f537d

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/auth/factor/PhabricatorTOTPAuthFactor.php

Loading...
View Options

src/applications/auth/management/PhabricatorAuthManagementUnlimitWorkflow.php

Loading...
View Options

src/applications/system/engine/PhabricatorSystemActionEngine.php

Loading...
Phabricator · Built by Phacility