From 533cef5ab8d671f8f722d36dfb69c38a70fc116b Mon Sep 17 00:00:00 2001
From: Alice Gaudon
Date: Wed, 2 Jun 2021 16:48:58 +0200
Subject: [PATCH] Use user id to throttle failed login attempts instead of name

This allows UserNameComponent to be optional
---
 src/auth/password/PasswordAuthMethod.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auth/password/PasswordAuthMethod.ts b/src/auth/password/PasswordAuthMethod.ts
index 6372c2e..41077d5 100644
--- a/src/auth/password/PasswordAuthMethod.ts
+++ b/src/auth/password/PasswordAuthMethod.ts
@@ -66,7 +66,7 @@ export default class PasswordAuthMethod implements AuthMethod
 } catch (e) {
 if (e instanceof AuthError) {
 Throttler.throttle('login_failed_attempts_user', 3, 3 * 60 * 1000, // 3min
- user.getOrFail('name'), 1000, 60 * 1000); // 1min
+ user.getOrFail('id').toString(), 1000, 60 * 1000); // 1min
 Throttler.throttle('login_failed_attempts_ip', 50, 60 * 1000, // 1min
 req.ip, 1000, 3600 * 1000); // 1h
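Review bot: The per-user throttle on the changed line still runs before the `login_failed_attempts_ip` call, so if `Throttler.throttle` signals an exceeded limit by throwing (its implementation is not visible here), a failed attempt against an already-throttled account is never counted against the source IP. That is worth confirming, and if it holds, recording the IP attempt first would make sure repeated guessing from one address is always accounted for. The new key also deserves a comment above the call, e.g. `// keyed by user id: always present, unlike the optional name`, and the bare `3` and `1000` arguments would read better with their meaning spelled out. The enclosing `catch` block starts and ends outside this hunk.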