Add rate-limit to change-password action

This commit is contained in:
Shane Kilkelly
2017-07-21 11:07:05 +01:00
parent 8e55b77055
commit 4c637301f7
+8 -1
View File
@@ -94,7 +94,14 @@ module.exports = class Router
SudoModeMiddlewear.protectPage,
UserPagesController.settingsPage
webRouter.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
webRouter.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword
webRouter.post '/user/password/update',
AuthenticationController.requireLogin(),
RateLimiterMiddlewear.rateLimit({
endpointName: "change-password"
maxRequests: 10
timeInterval: 60
}),
UserController.changePassword
webRouter.get '/user/sessions',
AuthenticationController.requireLogin(),