mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-03-18 02:21:47 -05:00
Remove successful login connections from the auth
throttle list - once a user has successfully logged into Ghost they are no longer a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition I was experiencing during functional tests wherein I would receive the login throttle message during regular testing. It seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
parent
3937c1bf0e
commit
09b64c82df
1 changed files with 8 additions and 3 deletions
|
@ -72,16 +72,17 @@ adminControllers = {
|
|||
},
|
||||
'auth': function (req, res) {
|
||||
var currentTime = process.hrtime()[0],
|
||||
remoteAddress = req.connection.remoteAddress,
|
||||
denied = '';
|
||||
loginSecurity = _.filter(loginSecurity, function (ipTime) {
|
||||
return (ipTime.time + 2 > currentTime);
|
||||
});
|
||||
denied = _.find(loginSecurity, function (ipTime) {
|
||||
return (ipTime.ip === req.connection.remoteAddress);
|
||||
return (ipTime.ip === remoteAddress);
|
||||
});
|
||||
|
||||
if (!denied) {
|
||||
loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]});
|
||||
loginSecurity.push({ip: remoteAddress, time: currentTime});
|
||||
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
|
||||
req.session.regenerate(function (err) {
|
||||
if (!err) {
|
||||
|
@ -90,7 +91,11 @@ adminControllers = {
|
|||
if (req.body.redirect) {
|
||||
redirect += decodeURIComponent(req.body.redirect);
|
||||
}
|
||||
|
||||
// If this IP address successfully logins we
|
||||
// can remove it from the array of failed login attempts.
|
||||
loginSecurity = _.reject(loginSecurity, function (ipTime) {
|
||||
return ipTime.ip === remoteAddress;
|
||||
});
|
||||
res.json(200, {redirect: redirect});
|
||||
}
|
||||
});
|
||||
|
|
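Review bot: The comment added above the `_.reject` call describes `loginSecurity` as an array of failed login attempts, but the entry is pushed before `api.users.check` resolves, so the list holds every attempt from the last two seconds whether it succeeded or not. I would reword the comment to `// Login succeeded: drop this IP's throttle entry so its next request is not rate limited.` Because the entry is keyed only on `req.connection.remoteAddress`, a deployment behind a reverse proxy or NAT would presumably share one entry across many clients, and a single successful login now clears the window for all of them; recording the attempted account in the entry as well would keep the throttle meaningful in that setup. The `auth` handler continues past the lines shown, so the denied branch and the failed-login path are not visible here.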