Merge pull request #4435 from nextcloud/allow-at-maximum-10-reset-mails-requests-per-5-minutes

Add at most 10 password reset requests per 5 minutes and IP range
author: Lukas Reschke <lukas@statuscode.ch> 2017-04-22 11:17:54 +0200
committer: GitHub <noreply@github.com> 2017-04-22 11:17:54 +0200
commit: 1bd3bd33f980e5966a2cb70288639985192f0043 (patch)
tree: 280cc191058451465da06d22a392066b26d79947
parent: 7acdc2a096a653d37f695f05db3d60b3b671e136 (diff)
parent: d0d34d308a9d752d372fb9249b00014b8fa7f9a1 (diff)
download: nextcloud-server-1bd3bd33f980e5966a2cb70288639985192f0043.tar.gz
nextcloud-server-1bd3bd33f980e5966a2cb70288639985192f0043.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 8d26f2c1942..27491b88235 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -206,6 +206,7 @@ class LostController extends Controller {
 	/**
 	 * @PublicPage
 	 * @BruteForceProtection(action=passwordResetEmail)
+	 * @AnonRateThrottle(limit=10, period=300)
 	 *
 	 * @param string $user
 	 * @return JSONResponse
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 6e18dcc1f8b..4690b86f995 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -31,7 +31,9 @@ OC.Lostpassword = {
 						user : $('#user').val()
 					},
 					OC.Lostpassword.sendLinkDone
-				);
+				).fail(function() {
+					OC.Lostpassword.sendLinkError(OC.Lostpassword.sendErrorMsg);
+				});
 			}
 		}
 	},
author	Lukas Reschke <lukas@statuscode.ch>	2017-04-22 11:17:54 +0200
committer	GitHub <noreply@github.com>	2017-04-22 11:17:54 +0200
commit	1bd3bd33f980e5966a2cb70288639985192f0043 (patch)
tree	280cc191058451465da06d22a392066b26d79947
parent	7acdc2a096a653d37f695f05db3d60b3b671e136 (diff)
parent	d0d34d308a9d752d372fb9249b00014b8fa7f9a1 (diff)
download	nextcloud-server-1bd3bd33f980e5966a2cb70288639985192f0043.tar.gz nextcloud-server-1bd3bd33f980e5966a2cb70288639985192f0043.zip