Merge pull request #3620 from ErisDS/issue-3589

Cleaner spam prevention error messages
2025-02-03 23:00:14 -05:00 · 2014-08-06 11:17:29 +02:00 · 2014-08-06 11:17:29 +02:00 · 3908dbdf8f
commit 3908dbdf8f
parent 1219817628 e315148cc5
1 changed files with 25 additions and 4 deletions
--- a/core/server/middleware/middleware.js
+++ b/core/server/middleware/middleware.js
@ -140,6 +140,7 @@ var middleware = {
            remoteAddress = req.connection.remoteAddress,
            deniedRateLimit = '',
            ipCount = '',
            message = 'Too many attempts.',
            rateSigninPeriod = config.rateSigninPeriod || 3600,
            rateSigninAttempts = config.rateSigninAttempts || 10;
@ -159,7 +160,12 @@ var middleware = {
        deniedRateLimit = (ipCount[remoteAddress] > rateSigninAttempts);
        if (deniedRateLimit) {
-            return next(new errors.UnauthorizedError('Only ' + rateSigninAttempts + ' tries per IP address every ' + rateSigninPeriod + ' seconds.'));
+            errors.logError(
                'Only ' + rateSigninAttempts + ' tries per IP address every ' + rateSigninPeriod + ' seconds.',
                'Too many login attempts.'
            );
            message += rateSigninPeriod === 3600 ? ' Please wait 1 hour.' : ' Please try again later';
            return next(new errors.UnauthorizedError(message));
        }
        next();
    },
@ -176,6 +182,7 @@ var middleware = {
            ipCount = '',
            deniedRateLimit = '',
            deniedEmailRateLimit = '',
            message = 'Too many attempts.',
            index = _.findIndex(forgottenSecurity, function (logTime) {
                return (logTime.ip === remoteAddress && logTime.email === email);
            });
@ -203,12 +210,26 @@ var middleware = {
            deniedEmailRateLimit = (forgottenSecurity[index].count > rateForgottenAttempts);
        }
        if (deniedEmailRateLimit) {
-            return next(new errors.UnauthorizedError('Only ' + rateForgottenAttempts + ' forgotten password attempts per email every ' + rateForgottenPeriod + ' seconds.'));
+            errors.logError(
                'Only ' + rateForgottenAttempts + ' forgotten password attempts per email every ' +
                rateForgottenPeriod + ' seconds.',
                'Forgotten password reset attempt failed'
            );
        }
        if (deniedRateLimit) {
-            return next(new errors.UnauthorizedError('Only ' + rateForgottenAttempts + ' tries per IP address every ' + rateForgottenPeriod + ' seconds.'));
+            errors.logError(
                'Only ' + rateForgottenAttempts + ' tries per IP address every ' + rateForgottenPeriod + ' seconds.',
                'Forgotten password reset attempt failed'
            );
        }
        if (deniedEmailRateLimit || deniedRateLimit) {
            message += rateForgottenPeriod === 3600 ? ' Please wait 1 hour.' : ' Please try again later';
            return next(new errors.UnauthorizedError(message));
        }
        next();