Open-event-server: Limit the number of emails an account can sent out in a given timeframe

Created on 12 Jun 2019  路  4Comments  路  Source: fossasia/open-event-server

One account yesterday tried a password reset requesting a reset 1000 times.

Please implement a threshhold for account resets and propose a threshhold for other emails in a certain time frame. Open relevant issues for this.

A threshhold for an account reset email should be 3 times per hour. After that the user should receive a message: "You have reached the threshhold for this action. Please try again in one hour."

URGENT bug
Source
picture mariobehling

All 4 comments

I'll be working on this

shreyanshdwivedi picture shreyanshdwivedi on 12 Jun 2019

Thank you. It is related to this frontend issue: https://github.com/fossasia/open-event-frontend/issues/3128 and https://github.com/fossasia/open-event-frontend/issues/3129.

mariobehling picture mariobehling on 12 Jun 2019
👍1

@shreyanshdwivedi https://github.com/fossasia/open-event-server/issues/6034

CosmicCoder96 picture CosmicCoder96 on 12 Jun 2019

Also, we need rate limiting on all of the API endpoints to prevent misuse. @shreyanshdwivedi please create an issue for it with the solution.

niranjan94 picture niranjan94 on 12 Jun 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dr0pdb picture dr0pdb  路  4Comments
Aju100 picture Aju100  路  4Comments
mariobehling picture mariobehling  路  4Comments
rafalkowalski picture rafalkowalski  路  3Comments
shubham-padia picture shubham-padia  路  4Comments