Rate-limit per user the lost password procedure

A rate-limit of 10mn is now enforced to remove the possibility of spamming a user too much via the Tuleap instance.

Closes request #14709: Lost password procedure can be used to spam a user

Change-Id: I1223bd93dfa0db4bd50f1badf5bad3a334fd1e27

Modified Files

Name
M src/common/User/Password/Reset/Creator.php +5 −4
M src/common/User/Password/Reset/LostPasswordDAO.php +25 −8
M src/www/account/lostpw-confirm.php +22 −17
A tests/integration/tests/User/Password/Reset/LostPasswordDAOTest.php +55 −0
M tests/unit/common/User/Password/Reset/CreatorTest.php +37 −7