HomePhabricator
Diffusion Phabricator 9a9fa8bed283

Rate limit attempts to add payment methods in Phortune
9a9fa8bed283
Actions

Description

Rate limit attempts to add payment methods in Phortune

Summary: Ref T13249. See D20132. Although we're probably a poor way to validate a big list of stolen cards in practice in production today (it's very hard to quickly generate a large number of small charges), putting rate limiting on "Add Payment Method" is generally reasonable, can't really hurt anything (no legitimate user will ever hit this limit), and might frustrate attackers in the future if it becomes easier to generate ad-hoc charges (for example, if we run a deal on support pacts and reduce their cost from $1,000 to $1).

Test Plan: Reduced limit to 4 / hour, tried to add a card several times, got rate limited.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13249

Differential Revision: https://secure.phabricator.com/D20158

Details

Provenance
epriestleyAuthored on Feb 13 2019, 1:14 PM
epriestleyPushed on Feb 13 2019, 8:25 PM
Reviewer
amckinley
Differential Revision
D20158: Rate limit attempts to add payment methods in Phortune
Parents
rP991368128e4d: Bump the markup cache version for URI changes
Branches
Unknown
Tags
Unknown
Tasks
T13249: 2019 Week 7 - 10 Bonus Content
Build Status
Buildable 21988
Build 30032: Run Core Tests

Changes (4)

PathSize
src/
applications/
phortune/
controller/
payment/
phortune/
action/
files/
action/
PhortuneAddPaymentMethodAction.php
PhabricatorFilesOutboundRequestAction.php

rP9a9fa8bed283

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/phortune/action/PhortuneAddPaymentMethodAction.php

Loading...
View Options

src/applications/phortune/controller/payment/PhortunePaymentMethodCreateController.php

Loading...
Phabricator ยท Built by Phacility