diff options
| author | =Corey Hulen <corey@hulen.com> | 2015-07-29 01:26:10 -0800 |
|---|---|---|
| committer | =Corey Hulen <corey@hulen.com> | 2015-07-29 01:26:10 -0800 |
| commit | 9677a9f71777d75f3def0b0cb238050a30ec6a67 (patch) | |
| tree | 8579fae8134ef2167a2cc97d95b0225e8acfdb46 /api/user.go | |
| parent | 81e55eb57c367a1403f693712411c0781287ea55 (diff) | |
| download | chat-9677a9f71777d75f3def0b0cb238050a30ec6a67.tar.gz chat-9677a9f71777d75f3def0b0cb238050a30ec6a67.tar.bz2 chat-9677a9f71777d75f3def0b0cb238050a30ec6a67.zip | |
Fixes mm-1355 adds rate limiting apis
Diffstat (limited to 'api/user.go')
| -rw-r--r-- | api/user.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go index e1d5e83dd..94b4eca18 100644 --- a/api/user.go +++ b/api/user.go @@ -282,12 +282,26 @@ func LoginByEmail(c *Context, w http.ResponseWriter, r *http.Request, email, nam } func checkUserPassword(c *Context, user *model.User, password string) bool { + + if user.FailedAttempts >= utils.Cfg.ServiceSettings.AllowedLoginAttempts { + c.LogAuditWithUserId(user.Id, "fail") + c.Err = model.NewAppError("checkUserPassword", "Your account is locked because of too many failed password attempts. Please reset your password.", "user_id="+user.Id) + c.Err.StatusCode = http.StatusForbidden + return false + } + if !model.ComparePassword(user.Password, password) { c.LogAuditWithUserId(user.Id, "fail") c.Err = model.NewAppError("checkUserPassword", "Login failed because of invalid password", "user_id="+user.Id) c.Err.StatusCode = http.StatusForbidden + + if result := <-Srv.Store.User().UpdateFailedPasswordAttempts(user.Id, user.FailedAttempts+1); result.Err != nil { + c.LogError(result.Err) + } + return false } + return true } |