Merge pull request #552 from sharelatex/sk-rate-limit-password-change

Add rate-limit to change-password action
2017-07-24 13:58:24 +01:00
parent 8423e7336d 4c637301f7
commit 47c8ca82fa
1 changed files with 8 additions and 1 deletions
@@ -94,7 +94,14 @@ module.exports = class Router
 			SudoModeMiddlewear.protectPage,
 			UserPagesController.settingsPage
 		webRouter.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
-		webRouter.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword
+		webRouter.post '/user/password/update',
+			AuthenticationController.requireLogin(),
+			RateLimiterMiddlewear.rateLimit({
+				endpointName: "change-password"
+				maxRequests: 10
+				timeInterval: 60
+			}),
+			UserController.changePassword

 		webRouter.get  '/user/sessions',
 			AuthenticationController.requireLogin(),