Rate limit multi-factor actions
23e654ec2bc8
Actions

Authored by epriestley <git@epriestley.com> on Apr 30 2014, 23:30.

Description

Rate limit multi-factor actions

Summary: Ref T4398. Prevent users from brute forcing multi-factor auth by rate limiting attempts. This slightly refines the rate limiting to allow callers to check for a rate limit without adding points, and gives users credit for successfully completing an auth workflow.

Test Plan: Tried to enter hisec with bad credentials 11 times in a row, got rate limited.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8911

Details

Committed

epriestley <git@epriestley.com>

Apr 30 2014, 23:30

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH535cfa3ebebe: Add `bin/auth list-factors` and `bin/auth strip` to remove multi-factor auth

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH23e654ec2bc8: Rate limit multi-factor actions (authored by epriestley <git@epriestley.com>).Apr 30 2014, 23:30

Changes (6)

		Path
M		resources/celerity/map.php
M		src/__phutil_library_map__.php
A	(dir)	src/applications/auth/action/
A		src/applications/auth/action/PhabricatorAuthTryFactorAction.php
M		src/applications/auth/engine/PhabricatorAuthSessionEngine.php
M		src/applications/system/engine/PhabricatorSystemActionEngine.php