mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-28 22:43:30 +03:00
e4cbb3d24d
refs https://github.com/TryGhost/Team/issues/1771 We don't have access to `req.brute.reset` due to the way the flow works, we have one endpoint which sends an email with a magic link, and another route which handles the login. We don't want to apply brute force protection to both because our rate limiting is designed for API requests not web page visits (which is how login is handled). Because of this we require access to the underlying ExpressBrute instance exposed by the spam-protection module, so that we can perform the reset. |
||
|---|---|---|
| .. | ||
| admin | ||
| content | ||
| members | ||
| members-comments | ||
| shared | ||