feat(logins): Count rate-limited login attempts as failed logins.

mozilla · Apr 4, 2016 · 4761653 · 4761653
1 parent e56bb5a
commit 4761653
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/lib/ip_record.js b/lib/ip_record.js
@@ -109,9 +109,13 @@ module.exports = function (BLOCK_INTERVAL_MS, IP_RATE_LIMIT_INTERVAL_MS, IP_RATE
       }
     }
 
-    // Throttle password-checking attempts if too many failed logins
+    // Throttle password-checking attempts if too many failed logins.
+    // Rate-limited login attempts still count towards your quota.
     if (actions.isPasswordCheckingAction(action)) {
-      if (this.isOverBadLogins() && !this.isRateLimited()) {
+      if (this.isRateLimited()) {
+        this.addBadLogin()
+      } else if (this.isOverBadLogins()) {
+        this.addBadLogin()
         this.rateLimit()
       }
     }