Fix for #11119, restore password reset rate limiting (#11120)

* chore: incrementing version number - v2.8.1

* chore: update changelog for v2.8.1

* fix: accidental clearing of reset rate limiting on reset send

* test: move user reset tests to their own file, add failing test for user reset locks

* fix: #11119, counter attempted flooding of user reset route

* test: fix password reset socket test to check for error now

* test: same user sending multiple reset emails

should work after waiting the correct amount of time

* lint: fixes

* chore: rename outdated `cleanTokensAndUids` method

* test: no need to create user for new test

Co-authored-by: Misty Release Bot <deploy@nodebb.org>
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
Julian Lam
2023-01-04 11:24:46 -05:00
committed by GitHub
parent 19c2b3509a
commit a344e6ec0c
7 changed files with 241 additions and 130 deletions

@@ -733,7 +733,7 @@ describe('socket.io', () => {
it('should not generate code if rate limited', (done) => {
socketUser.reset.send({ uid: 0 }, 'regular@test.com', (err) => {
assert.ifError(err);
assert(err);
async.parallel({
count: async.apply(db.sortedSetCount.bind(db), 'reset:issueDate', 0, Date.now()),
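Review bot: `assert(err);` in 'should not generate code if rate limited' passes on any truthy error, so the test would still go green if `socketUser.reset.send` failed for a reason unrelated to rate limiting (a database error or a validation failure, for example). Assert on the specific rate-limit error instead, for instance by comparing `err.message` against the expected string, so the test only passes when the limiter is what rejected the request. The `reset:issueDate` count check that follows in `async.parallel` is worth keeping, since it confirms that no new code was issued, but it does not show why the request was rejected.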