mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-07 23:13:11 -06:00
Code Issues Packages Projects Releases Wiki Activity

Rate limiting on authenticateDb.

Browse source
This commit is contained in:
Daniel Aloni 2023-05-01 12:06:27 +03:00
parent 23d93006f4
commit 9c11562ea1
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
clientapi/auth/password.go
View file

@ -208,6 +208,9 @@ func (t *LoginTypePassword) authenticateDb(ctx context.Context, localpart string
// Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows // Technically we could tell them if the user does not exist by checking if err == sql.ErrNoRows
// but that would leak the existence of the user. // but that would leak the existence of the user.
if !res.Exists { if !res.Exists {
if t.Rt != nil {
t.Rt.Act(localpart)
}
return nil, &util.JSONResponse{ return nil, &util.JSONResponse{
Code: http.StatusForbidden, Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("The username or password was incorrect or the account does not exist."), JSON: jsonerror.Forbidden("The username or password was incorrect or the account does not exist."),