HomePhabricator

Replace old rate limiting in password login flow with "SystemAction" rate…

Description

Replace old rate limiting in password login flow with "SystemAction" rate limiting

Summary:
Depends on D20667. Ref T13343. Password auth currently uses an older rate limiting mechanism, upgrade it to the modern "SystemAction" mechanism.

This mostly just improves consistency, although there are some tangential/theoretical benefits:

  • it's not obvious that making the user log GC very quickly could disable rate limiting;
  • if we let you configure action limits in the future, which we might, this would become configurable for free.

Test Plan:

  • With CAPTCHAs off, made a bunch of invalid login attempts. Got rate limited.
  • With CAPTCHAs on, made a bunch of invalid login attempts. Got downgraded to CAPTCHAs after a few.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13343

Differential Revision: https://secure.phabricator.com/D20668

Details

Provenance
epriestleyAuthored on Jul 19 2019, 5:11 PM
Parents
rPHABe090b32c7528: Add a rate limit to requesting account recovery links from a given remote…
Branches
Unknown
Tags
Unknown
ChangeId
None

Event Timeline