Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add POST /api/v1/emails/confirmations to REST API (#15816)

Browse source 
Only available to the application the user originally signed-up with
This commit is contained in:
Eugen Rochko 2021-03-01 18:39:47 +01:00 committed by GitHub
parent 287aa75f2e
commit ee1119208c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/initializers/rack_attack.rb
View file

@ -94,11 +94,15 @@ class Rack::Attack
end
throttle('throttle_email_confirmations/ip', limit: 25, period: 5.minutes) do |req|
req.remote_ip if req.post? && req.path == '/auth/confirmation'
req.remote_ip if req.post? && %w(/auth/confirmation /api/v1/emails/confirmations).include?(req.path)
end
throttle('throttle_email_confirmations/email', limit: 5, period: 30.minutes) do |req|
req.params.dig('user', 'email').presence if req.post? && req.path == '/auth/password'
if req.post? && req.path == '/auth/password'
req.params.dig('user', 'email').presence
elsif req.post? && req.path == '/api/v1/emails/confirmations'
req.authenticated_user_id
end
end
throttle('throttle_login_attempts/ip', limit: 25, period: 5.minutes) do |req|