mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Switched private login brute errors to correct error status code

no issue

- when too many login attempts were detected for the `/private/` form, we were throwing 500 errors instead of the more appropriate 429 error that we use everywhere else for "too many requests" type errors
Kevin Ansfield 2019-09-09 16:02:21 +01:00
parent 5be63958b9
commit 88659e5a52


@ -186,7 +186,7 @@ const privateBlog = () => {
extend({ extend({
attachResetToRequest: false, attachResetToRequest: false,
failCallback(req, res, next, nextValidRequestDate) { failCallback(req, res, next, nextValidRequestDate) {
common.logging.error(new common.errors.GhostError({ common.logging.error(new common.errors.TooManyRequestsError({
message: common.i18n.t('errors.middleware.spamprevention.tooManySigninAttempts.error', message: common.i18n.t('errors.middleware.spamprevention.tooManySigninAttempts.error',
{ {
rateSigninAttempts: spamPrivateBlog.freeRetries + 1 || 5, rateSigninAttempts: spamPrivateBlog.freeRetries + 1 || 5,
@ -195,7 +195,7 @@ const privateBlog = () => {
context: common.i18n.t('errors.middleware.spamprevention.tooManySigninAttempts.context') context: common.i18n.t('errors.middleware.spamprevention.tooManySigninAttempts.context')
})); }));
return next(new common.errors.GhostError({ return next(new common.errors.TooManyRequestsError({
message: `Too many private sign-in attempts try again in ${moment(nextValidRequestDate).fromNow(true)}` message: `Too many private sign-in attempts try again in ${moment(nextValidRequestDate).fromNow(true)}`
})); }));
}, },
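Review bot: The `next(new common.errors.TooManyRequestsError({...}))` call in `failCallback` now produces a 429, but nothing visible here gives the client a machine-readable retry time; `nextValidRequestDate` is only folded into the human-readable message. If the shared error handler does not already set it, consider adding the header before calling `next`, e.g. `res.set('Retry-After', String(Math.ceil((nextValidRequestDate - Date.now()) / 1000)));` (this assumes `res` is the Express response and the value is a `Date`). The error that is logged and the error passed to `next` are also built separately, one with translated text and one with a hard-coded English string, so the log entry and the response can drift apart; building one error and reusing it would keep them aligned. The enclosing `privateBlog` function starts outside the hunks, and two lines of the i18n arguments between them are not shown.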