Rate limit password forgot

This commit is contained in:
nicolas.dorier
2021-03-26 18:01:45 +09:00
parent b4e15cb27f
commit 85ba9e96a0
3 changed files with 9 additions and 0 deletions


@@ -1,5 +1,6 @@
using System;
using System.Globalization;
using System.Security.Policy;
using System.Threading.Tasks;
using BTCPayServer.Abstractions.Constants;
using BTCPayServer.Abstractions.Extensions;
@@ -34,6 +35,7 @@ namespace BTCPayServer.Controllers
readonly Configuration.BTCPayServerOptions _Options;
private readonly BTCPayServerEnvironment _btcPayServerEnvironment;
public U2FService _u2FService;
private readonly RateLimitService _rateLimitService;
private readonly EventAggregator _eventAggregator;
readonly ILogger _logger;
@@ -45,6 +47,7 @@ namespace BTCPayServer.Controllers
Configuration.BTCPayServerOptions options,
BTCPayServerEnvironment btcPayServerEnvironment,
U2FService u2FService,
RateLimitService rateLimitService,
EventAggregator eventAggregator)
{
_userManager = userManager;
@@ -54,6 +57,7 @@ namespace BTCPayServer.Controllers
_Options = options;
_btcPayServerEnvironment = btcPayServerEnvironment;
_u2FService = u2FService;
_rateLimitService = rateLimitService;
_eventAggregator = eventAggregator;
_logger = Logs.PayServer;
}
@@ -553,6 +557,8 @@ namespace BTCPayServer.Controllers
// Don't reveal that the user does not exist or is not confirmed
return RedirectToAction(nameof(ForgotPasswordConfirmation));
}
if (!await _rateLimitService.Throttle(ZoneLimits.ForgotPassword, user.NormalizedEmail))
return new TooManyRequestsResult(ZoneLimits.ForgotPassword);
_eventAggregator.Publish(new UserPasswordResetRequestedEvent()
{
User = user, RequestUri = Request.GetAbsoluteRootUri()
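Review bot: The throttle check on the new line `if (!await _rateLimitService.Throttle(ZoneLimits.ForgotPassword, user.NormalizedEmail))` runs only after the user lookup has succeeded, so a throttled request for a registered email gets a `TooManyRequestsResult` while an unregistered email keeps getting the `ForgotPasswordConfirmation` redirect — the response difference reveals account existence, which is exactly what the comment two lines above says this action must not do. Either move the check before the lookup and key it on the submitted address normalized the same way (e.g. `_userManager.NormalizeEmail(<submitted email>)`, placeholder for the form field), or keep the placement and answer the throttled case with the same `return RedirectToAction(nameof(ForgotPasswordConfirmation));`. Keying solely on the target email also lets one caller exhaust a victim's quota and block their legitimate reset, so combining the key with the requesting client's address is presumably worth considering. The enclosing action starts outside the hunk, and the `using System.Security.Policy;` added in the first hunk does not appear to be used by any of the new code — verify and drop it if so.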