Add rate limiter for login endpoint #4062
Codecov Report
@@ Coverage Diff @@
## main #4062 +/- ##
============================================
- Coverage 60.56% 60.22% -0.34%
+ Complexity 2386 2385 -1
============================================
Files 356 357 +1
Lines 12356 12392 +36
Branches 894 892 -2
============================================
- Hits 7483 7463 -20
- Misses 4432 4492 +60
+ Partials 441 437 -4
Once this PR is merged, I will open a PR adding a rate limiter for the comment endpoint, as we discussed in #4044.
Signed-off-by: Ryan Wang <i@ryanc.cc>
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: guqing
The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/lgtm
…ted (#4101)
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
This is a bug introduced by #4062. I have overridden onAuthenticationSuccess to create the rate limiter in advance instead of invoking `securityContextRepository#save` before. See #4099 (comment) for more.
#### Special notes for your reviewer:
1. Try to log in with an incorrect password three times
2. Log in with the correct password and check if the response headers contain `Set-Cookie`
#### Does this PR introduce a user-facing change?
```release-note
None
```
What type of PR is this?
/kind feature
/area core
What this PR does / why we need it:
This PR introduces https://github.com/resilience4j/resilience4j to achieve the feature. The login endpoint now limits login failures to 3 per minute.
See #4044 for more.
Which issue(s) this PR fixes:
Fixes #4044
Special notes for your reviewer:
Does this PR introduce a user-facing change?
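As an added illustration (not Halo's own code from this PR), here is how a per-client login-failure limiter with the stated policy, 3 failures per minute, can be built on resilience4j's `RateLimiter`. The key used to separate clients (client IP or username) and the class and method names are assumptions; only failed attempts spend a permit, so a correct password is never throttled by its own success.

```java
import io.github.resilience4j.ratelimiter.RateLimiter;
import io.github.resilience4j.ratelimiter.RateLimiterConfig;
import io.github.resilience4j.ratelimiter.RateLimiterRegistry;

import java.time.Duration;

/** Hypothetical helper: at most 3 failed logins per minute, tracked per key. */
public class LoginFailureLimiter {

    // Permits are consumed by failures only; a successful login never spends one.
    private static final RateLimiterConfig CONFIG = RateLimiterConfig.custom()
        .limitForPeriod(3)                         // 3 failures ...
        .limitRefreshPeriod(Duration.ofMinutes(1)) // ... per minute
        .timeoutDuration(Duration.ZERO)            // never wait for a permit, just answer yes/no
        .build();

    private final RateLimiterRegistry registry = RateLimiterRegistry.of(CONFIG);

    private RateLimiter limiterFor(String key) {
        // One limiter per key (assumed: client IP or username), created lazily by the registry.
        return registry.rateLimiter("login:" + key);
    }

    /** Call before checking the password: false means the client is currently locked out. */
    public boolean isAllowed(String key) {
        // Note: check-then-act; under heavy concurrency a fourth failure can slip through
        // before recordFailure() runs. Acceptable for a lockout, not for a hard quota.
        return limiterFor(key).getMetrics().getAvailablePermissions() > 0;
    }

    /** Call after a failed password check; spends one of the 3 permits for this window. */
    public void recordFailure(String key) {
        limiterFor(key).acquirePermission();
    }

    /** Call after a successful login so earlier failures stop counting against the client. */
    public void recordSuccess(String key) {
        registry.remove("login:" + key);
    }

    public static void main(String[] args) {
        LoginFailureLimiter limiter = new LoginFailureLimiter();
        String client = "203.0.113.7"; // constructed sample key, not a real client
        for (int i = 1; i <= 4; i++) {
            boolean allowed = limiter.isAllowed(client);
            System.out.println("attempt " + i + " allowed=" + allowed);
            if (allowed) limiter.recordFailure(client); // simulate a wrong password each time
        }
        // After three recorded failures, isAllowed() stays false until the minute refreshes.
    }
}
```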