TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-21 09:52:06 +03:00
Code Issues Projects Releases Wiki Activity
def4b8ba18
Ghost/ghost/core/test/unit
History
Fabien 'egg' O'Carroll e4cbb3d24d
Reset magic link rate limiting upon successful login (#15345) 
refs https://github.com/TryGhost/Team/issues/1771

We don't have access to `req.brute.reset` due to the way the flow
works, we have one endpoint which sends an email with a magic link,
and another route which handles the login. We don't want to apply
brute force protection to both because our rate limiting is designed
for API requests not web page visits (which is how login is handled).

Because of this we require access to the underlying ExpressBrute
instance exposed by the spam-protection module, so that we can
perform the reset.
2022-09-01 08:54:14 -04:00
..
api/canary Added core type integrations to API serializer 2022-08-12 14:18:44 +01:00
frontend Added {{search}} theme helper 2022-08-24 21:34:20 +01:00
server Reset magic link rate limiting upon successful login (#15345) 2022-09-01 08:54:14 -04:00
shared 🐛 Fixed Comments administration for self hosters (#15239) 2022-08-15 15:38:19 -04:00