Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-17 23:44:39 -05:00
Code Issues Activity

Merge pull request #1850 from hswolff/fix-throttle-behavior

Browse source 
Remove successful login connections from the auth throttle list
This commit is contained in:
Hannah Wolfe 2014-01-05 05:03:03 -08:00
commit b9a221a2be
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
core/server/controllers/admin.js
View file

@ -72,16 +72,17 @@ adminControllers = {
}, },
'auth': function (req, res) { 'auth': function (req, res) {
var currentTime = process.hrtime()[0], var currentTime = process.hrtime()[0],
remoteAddress = req.connection.remoteAddress,
denied = ''; denied = '';
loginSecurity = _.filter(loginSecurity, function (ipTime) { loginSecurity = _.filter(loginSecurity, function (ipTime) {
return (ipTime.time + 2 > currentTime); return (ipTime.time + 2 > currentTime);
}); });
denied = _.find(loginSecurity, function (ipTime) { denied = _.find(loginSecurity, function (ipTime) {
return (ipTime.ip === req.connection.remoteAddress); return (ipTime.ip === remoteAddress);
}); });
if (!denied) { if (!denied) {
loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]}); loginSecurity.push({ip: remoteAddress, time: currentTime});
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) { api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
req.session.regenerate(function (err) { req.session.regenerate(function (err) {
if (!err) { if (!err) {
@ -90,7 +91,11 @@ adminControllers = {
if (req.body.redirect) { if (req.body.redirect) {
redirect += decodeURIComponent(req.body.redirect); redirect += decodeURIComponent(req.body.redirect);
} }
// If this IP address successfully logins we
// can remove it from the array of failed login attempts.
loginSecurity = _.reject(loginSecurity, function (ipTime) {
return ipTime.ip === remoteAddress;
});
res.json(200, {redirect: redirect}); res.json(200, {redirect: redirect});
} }
}); });