Improve email safety #18
Labels
enhancement
New feature or request
Comments
This was referenced Jul 13, 2019
|
Probably should make the initial timeout some fraction of the key timeout, and give it an exponential backoff, with an error of “you are trying to log in too frequently, please wait {timeout} minutes before trying again” (configurable of course) |
|
Maybe also limit per domain? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The EmailHandler should keep track of the addresses it's sent a link to in the last few minutes, and not allow spamming an address. This is both to prevent Authl from being used as an intermediary for flooding someone else's email address, and to avoid issues with a
/_login/?me=user@example.comaddress living in someone's history causing the user to get spammed (due to browser prefetch or whatever)The text was updated successfully, but these errors were encountered: