1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src/applications/auth
epriestley 0449a07f53 Add bin/auth unlimit and clean up a TODO
Summary:
I stumbled across this TODO and was worried that there was a glaring hole in MFA that I'd somehow forgotten about, but the TODO is just out of date.

These actions are rate limited properly by `PhabricatorAuthTryFactorAction`, which permits a maximum of 10 actions per hour.

  - Remove the TODO.
  - Add `bin/auth unlimit` to make it easier to reset rate limits if someone needs to do that for whatever reason.

Test Plan:
  - Tried to brute force through MFA.
  - Got rate limited properly after 10 failures.
  - Reset rate limit with `bin/auth unlimit`.
  - Saw the expected number of actions clear.

{F805288}

Reviewers: chad

Reviewed By: chad

Subscribers: joshuaspence

Differential Revision: https://secure.phabricator.com/D14105
2015-09-14 07:03:39 -07:00
..
action Rate limit multi-factor actions 2014-04-30 14:30:31 -07:00
application Allow applications to have multiple "help" menu items 2015-04-01 11:51:48 -07:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit phtize all the things 2015-05-22 21:16:39 +10:00
constants Support invites in the registration and login flow 2015-02-11 06:06:28 -08:00
controller Modularize generation of supplemental login messages 2015-09-04 10:34:39 -07:00
data Extend from Phobject 2015-06-15 18:02:27 +10:00
editor Auth - allow for "auto login" providers 2015-02-06 10:50:36 -08:00
engine Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
exception Add email invites to Phabricator (logic only) 2015-02-09 16:12:36 -08:00
factor Add bin/auth unlimit and clean up a TODO 2015-09-14 07:03:39 -07:00
garbagecollector Add "temporary tokens" to auth, for SMS codes, TOTP codes, reset codes, etc 2014-05-20 11:43:45 -07:00
handler Modularize generation of supplemental login messages 2015-09-04 10:34:39 -07:00
management Add bin/auth unlimit and clean up a TODO 2015-09-14 07:03:39 -07:00
phid Add administrative invite interfaces 2015-02-11 06:05:53 -08:00
provider Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
query [Redesign] PhabricatorApplicationSearchResultView 2015-06-19 11:46:20 +01:00
sshkey phtize all the things 2015-05-22 21:16:39 +10:00
storage Fixes spelling error in settings log on auth provider pages 2015-03-26 03:49:58 -07:00
view Make CSS agnostic to underlying profile image size 2015-05-13 11:38:46 -07:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00