mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-28 17:52:43 +01:00
0449a07f53
Summary:
I stumbled across this TODO and was worried that there was a glaring hole in MFA that I'd somehow forgotten about, but the TODO is just out of date.
These actions are rate limited properly by `PhabricatorAuthTryFactorAction`, which permits a maximum of 10 actions per hour.
- Remove the TODO.
- Add `bin/auth unlimit` to make it easier to reset rate limits if someone needs to do that for whatever reason.
Test Plan:
- Tried to brute force through MFA.
- Got rate limited properly after 10 failures.
- Reset rate limit with `bin/auth unlimit`.
- Saw the expected number of actions clear.
{F805288}
Reviewers: chad
Reviewed By: chad
Subscribers: joshuaspence
Differential Revision: https://secure.phabricator.com/D14105
|
||
|---|---|---|
| .. | ||
| PhabricatorAuthManagementCachePKCS8Workflow.php | ||
| PhabricatorAuthManagementLDAPWorkflow.php | ||
| PhabricatorAuthManagementListFactorsWorkflow.php | ||
| PhabricatorAuthManagementRecoverWorkflow.php | ||
| PhabricatorAuthManagementRefreshWorkflow.php | ||
| PhabricatorAuthManagementStripWorkflow.php | ||
| PhabricatorAuthManagementTrustOAuthClientWorkflow.php | ||
| PhabricatorAuthManagementUnlimitWorkflow.php | ||
| PhabricatorAuthManagementUntrustOAuthClientWorkflow.php | ||
| PhabricatorAuthManagementVerifyWorkflow.php | ||
| PhabricatorAuthManagementWorkflow.php | ||