Ghost/ghost
Fabien 'egg' O'Carroll e4cbb3d24d
Reset magic link rate limiting upon successful login (#15345)
refs https://github.com/TryGhost/Team/issues/1771

We don't have access to `req.brute.reset` due to the way the flow
works: we have one endpoint which sends an email with a magic link,
and another route which handles the login. We don't want to apply
brute force protection to both because our rate limiting is designed
for API requests, not web page visits (which is how login is handled).

Because of this we require access to the underlying ExpressBrute
instance exposed by the spam-protection module, so that we can
perform the reset.
2022-09-01 08:54:14 -04:00
adapter-manager Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
admin Improving the members page on mobile 2022-09-01 13:09:23 +01:00
api-framework Fixed some type issues with the api framework 2022-08-23 14:49:29 +01:00
api-version-compatibility-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
bootstrap-socket Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
constants Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
core Reset magic link rate limiting upon successful login (#15345) 2022-09-01 08:54:14 -04:00
custom-theme-settings-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
domain-events Organized package dependencies 2022-08-18 11:55:49 +02:00
email-analytics-provider-mailgun Organized package dependencies 2022-08-18 11:55:49 +02:00
email-analytics-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
email-content-generator Organized package dependencies 2022-08-18 11:55:49 +02:00
express-dynamic-redirects Organized package dependencies 2022-08-18 11:55:49 +02:00
extract-api-key Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
html-to-plaintext Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
job-manager Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
magic-link Update dependency @types/jsonwebtoken to v8.5.9 2022-08-24 16:54:58 +02:00
mailgun-client Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
member-analytics-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
member-attribution Removed out of date history items from UrlHistory 2022-08-25 16:09:34 -04:00
member-events Renamed verification threshold parameter 2022-08-25 14:26:44 +08:00
members-analytics-ingress Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
members-api Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
members-csv Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
members-events-service Update dependency @tryghost/errors to v1.2.15 2022-08-18 12:02:38 +02:00
members-importer 🐛 Fixed empty error csv file for member imports (#15274) 2022-08-24 00:49:30 +05:30
members-ssr Added missing return in create-stripe-update-session 2022-08-29 14:02:58 +02:00
minifier Update dependency terser to v5.15.0 2022-08-23 19:47:07 +00:00
mw-api-version-mismatch Organized package dependencies 2022-08-18 11:55:49 +02:00
mw-cache-control Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
mw-error-handler Removed bluebird catch predicates from API endpoints 2022-08-24 11:27:09 +01:00
mw-session-from-token Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
mw-update-user-last-seen Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
mw-vhost Cleaned up unused test utils 2022-08-18 11:55:49 +02:00
oembed-service Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
offers Added paid subscription start email alert 2022-08-25 19:53:02 +05:30
package-json Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
payments Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
security Organized package dependencies 2022-08-18 11:55:49 +02:00
session-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
settings-path-manager Update dependency date-fns to v2.29.2 2022-08-18 17:15:58 +02:00
staff-service Removed empty cancellation reason from alert template 2022-08-26 01:49:10 +05:30
stripe Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
update-check-service Added logging configuration option for timestamps to use the local timezone 2022-08-31 10:29:55 +01:00
verification-trigger Improved verification email copy 2022-08-29 12:18:46 +08:00
version-notifications-data-service Organized package dependencies 2022-08-18 11:55:49 +02:00