mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-11 17:32:41 +01:00
23e654ec2b
Summary: Ref T4398. Prevent users from brute forcing multi-factor auth by rate limiting attempts. This slightly refines the rate limiting to allow callers to check for a rate limit without adding points, and gives users credit for successfully completing an auth workflow. Test Plan: Tried to enter hisec with bad credentials 11 times in a row, got rate limited. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8911
21 lines
466 B
PHP
<?php
/**
 * System action describing an attempt to verify a multi-factor
 * authentication challenge.
 *
 * This class only declares the action's identity, its score threshold and
 * the message tied to the limit. Recording points, checking the limit and
 * crediting successful attempts happen outside this class.
 */
final class PhabricatorAuthTryFactorAction extends PhabricatorSystemAction {

  /** Stable identifier for this action type. */
  const TYPECONST = 'auth.factor';

  /**
   * Return the constant that identifies this action type.
   *
   * @return string Always self::TYPECONST ('auth.factor').
   */
  public function getActionConstant() {
    return self::TYPECONST;
  }

  /**
   * Return the score threshold for this action as a rate.
   *
   * The value is 10 divided by the number of seconds in one hour, i.e. a
   * budget of 10 points per hour expressed per second.
   *
   * NOTE(review): how many points one failed attempt costs, and over which
   * window the rate is evaluated, is decided by the code that records the
   * action; confirm there before changing this budget, since it bounds how
   * many guesses at a second factor are possible per hour.
   *
   * @return float|int Points per second.
   */
  public function getScoreThreshold() {
    $point_budget = 10;
    $window_in_seconds = phutil_units('1 hour in seconds');

    return $point_budget / $window_in_seconds;
  }

  /**
   * Return the translated explanation for hitting this rate limit.
   *
   * The literal stays inside the pht() call so the translatable text is
   * passed to it unchanged.
   *
   * @return string Human-readable explanation.
   */
  public function getLimitExplanation() {
    $explanation = pht(
      'You have failed to verify multi-factor authentication too often in '.
      'a short period of time.');

    return $explanation;
  }

}