Increase login fail per ip throttle limit and jail time
This commit is contained in:
parent
72fe0bbda8
commit
f99c62a5d9
@ -54,10 +54,10 @@ export default class PasswordAuthMethod implements AuthMethod<PasswordAuthProof>
|
|||||||
await this.app.as(AuthComponent).getAuthGuard().authenticateOrRegister(req.getSession(), passwordAuthProof);
|
await this.app.as(AuthComponent).getAuthGuard().authenticateOrRegister(req.getSession(), passwordAuthProof);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e instanceof AuthError) {
|
if (e instanceof AuthError) {
|
||||||
Throttler.throttle('login_failed_attempts_user', 3, 180000,
|
Throttler.throttle('login_failed_attempts_user', 3, 3 * 60 * 1000, // 3min
|
||||||
<string>user.getOrFail('name'), 1000, 60000);
|
<string>user.getOrFail('name'), 1000, 60 * 1000); // 1min
|
||||||
Throttler.throttle('login_failed_attempts_ip', 5, 60000,
|
Throttler.throttle('login_failed_attempts_ip', 50, 60 * 1000, // 1min
|
||||||
req.ip, 1000, 60000);
|
req.ip, 1000, 3600 * 1000); // 1h
|
||||||
|
|
||||||
if (e instanceof PendingApprovalAuthError) {
|
if (e instanceof PendingApprovalAuthError) {
|
||||||
req.flash('error', 'Your account is still being reviewed.');
|
req.flash('error', 'Your account is still being reviewed.');
|
||||||
|
Loading…
Reference in New Issue
Block a user