epriestley 7c1d1c13f4 Add a rate limit for enroll attempts when adding new MFA configurations ... Summary: Depends on D20018. Ref T13222. When you add a new MFA configuration, you can technically (?) guess your way through it with brute force. It's not clear why this would ever really be useful (if an attacker can get here and wants to add TOTP, they can just add TOTP!) but it's probably bad, so don't let users do it. This limit is fairly generous because I don't think this actually part of any real attack, at least today with factors we're considering. Test Plan: - Added TOTP, guessed wrong a ton of times, got rate limited. - Added TOTP, guessed right, got a TOTP factor configuration added to my account. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D20019		2019-01-23 14:12:19 -08:00
..
action	Add semi-generic rate limiting infrastructure	2014-04-03 11:22:38 -07:00
application	Mark "Settings" and "Nuance" as launchable applications	2017-06-01 12:40:25 -07:00
controller	Add icons to Settings	2019-01-23 13:41:41 -08:00
editor	Correct an issue where the default "Settings" screen could show the wrong settings	2019-01-23 14:09:03 -08:00
panel	Add a rate limit for enroll attempts when adding new MFA configurations	2019-01-23 14:12:19 -08:00
panelgroup	Expand "Settings" UI to full-width	2019-01-23 13:40:34 -08:00
phid	Make Settings modular and allow them to be EditEngine'd	2016-05-31 15:32:02 -07:00
query	Fix spelling	2017-10-09 10:48:04 -07:00
setting	Expand "Settings" UI to full-width	2019-01-23 13:40:34 -08:00
storage	Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface	2018-12-20 15:16:19 -08:00