Merge pull request #3620 from ErisDS/issue-3589

Cleaner spam prevention error messages
2025-01-06 22:40:14 -05:00 · 2014-08-06 11:17:29 +02:00 · 2014-08-06 11:17:29 +02:00 · 3908dbdf8f
commit 3908dbdf8f
parent 1219817628 e315148cc5
1 changed files with 25 additions and 4 deletions
--- a/core/server/middleware/middleware.js
+++ b/core/server/middleware/middleware.js
@ -140,6 +140,7 @@ var middleware = {
            remoteAddress = req.connection.remoteAddress,
            deniedRateLimit = '',
            ipCount = '',
+            message = 'Too many attempts.',
            rateSigninPeriod = config.rateSigninPeriod || 3600,
            rateSigninAttempts = config.rateSigninAttempts || 10;

@ -159,7 +160,12 @@ var middleware = {
        deniedRateLimit = (ipCount[remoteAddress] > rateSigninAttempts);

        if (deniedRateLimit) {
-            return next(new errors.UnauthorizedError('Only ' + rateSigninAttempts + ' tries per IP address every ' + rateSigninPeriod + ' seconds.'));
+            errors.logError(
+                'Only ' + rateSigninAttempts + ' tries per IP address every ' + rateSigninPeriod + ' seconds.',
+                'Too many login attempts.'
+            );
+            message += rateSigninPeriod === 3600 ? ' Please wait 1 hour.' : ' Please try again later';
+            return next(new errors.UnauthorizedError(message));
        }
        next();
    },
@ -176,6 +182,7 @@ var middleware = {
            ipCount = '',
            deniedRateLimit = '',
            deniedEmailRateLimit = '',
+            message = 'Too many attempts.',
            index = _.findIndex(forgottenSecurity, function (logTime) {
                return (logTime.ip === remoteAddress && logTime.email === email);
            });
@ -202,13 +209,27 @@ var middleware = {
        if (index !== -1) {
            deniedEmailRateLimit = (forgottenSecurity[index].count > rateForgottenAttempts);
        }
-        
+
+
+
        if (deniedEmailRateLimit) {
-            return next(new errors.UnauthorizedError('Only ' + rateForgottenAttempts + ' forgotten password attempts per email every ' + rateForgottenPeriod + ' seconds.'));
+            errors.logError(
+                'Only ' + rateForgottenAttempts + ' forgotten password attempts per email every ' +
+                rateForgottenPeriod + ' seconds.',
+                'Forgotten password reset attempt failed'
+            );
        }

        if (deniedRateLimit) {
-            return next(new errors.UnauthorizedError('Only ' + rateForgottenAttempts + ' tries per IP address every ' + rateForgottenPeriod + ' seconds.'));
+            errors.logError(
+                'Only ' + rateForgottenAttempts + ' tries per IP address every ' + rateForgottenPeriod + ' seconds.',
+                'Forgotten password reset attempt failed'
+            );
+        }
+
+        if (deniedEmailRateLimit || deniedRateLimit) {
+            message += rateForgottenPeriod === 3600 ? ' Please wait 1 hour.' : ' Please try again later';
+            return next(new errors.UnauthorizedError(message));
        }

        next();