fix(logins): combine limiting for bad logins and rate

mozilla · Apr 4, 2016 · 2f0aa17 · 2f0aa17
1 parent 8d94c1c
commit 2f0aa17
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/lib/ip_record.js b/lib/ip_record.js
@@ -112,13 +112,11 @@ module.exports = function (BLOCK_INTERVAL_MS, IP_RATE_LIMIT_INTERVAL_MS, IP_RATE
     // Throttle password-checking attempts if too many failed logins.
     // Rate-limited login attempts still count towards your quota.
     if (actions.isPasswordCheckingAction(action)) {
-      if (this.isRateLimited()) {
+      if (this.isRateLimited() || this.isOverBadLogins()) {
         // attempt a password-checking action leads to a bad attempt
         this.addBadLogin()
         // we also re-rate-limit this attempt
         this.rateLimit()
-      } else if (this.isOverBadLogins()) {
-        this.rateLimit()
       }
     }