Merge commit from fork

5140f31c · Claire · GitHub · b1a584d2 · 5140f31c
Unverified Commit 5140f31c authored 2 weeks ago by Claire Committed by GitHub 2 weeks ago
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -122,7 +122,7 @@ class Rack::Attack
  end

  throttle('throttle_email_confirmations/ip', limit: 25, period: 5.minutes) do |req|
-    req.throttleable_remote_ip if req.post? && (req.path_matches?('/auth/confirmation') || req.path == '/api/v1/emails/confirmations')
+    req.throttleable_remote_ip if (req.post? && (req.path_matches?('/auth/confirmation') || req.path == '/api/v1/emails/confirmations')) || ((req.put? || req.patch?) && req.path_matches?('/auth/setup'))
  end

  throttle('throttle_email_confirmations/email', limit: 5, period: 30.minutes) do |req|
@@ -133,6 +133,14 @@ class Rack::Attack
    end
  end

+  throttle('throttle_auth_setup/email', limit: 5, period: 10.minutes) do |req|
+    req.params.dig('user', 'email').presence if (req.put? || req.patch?) && req.path_matches?('/auth/setup')
+  end
+
+  throttle('throttle_auth_setup/account', limit: 5, period: 10.minutes) do |req|
+    req.warden_user_id if (req.put? || req.patch?) && req.path_matches?('/auth/setup')
+  end
+
  throttle('throttle_login_attempts/ip', limit: 25, period: 5.minutes) do |req|
    req.throttleable_remote_ip if req.post? && req.path_matches?('/auth/sign_in')
  end