Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: introduce artificial delay + delay fudging on invalid email during reset token generation

Browse Source
This commit is contained in:
Julian Lam
2021-06-11 14:47:13 -04:00
parent 229f96f872
commit f6c14d6b62
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/socket.io/user.js
View File

@@ -86,9 +86,10 @@ SocketUser.reset.send = async function (socket, email) {
try { try {
await user.reset.send(email); await user.reset.send(email);
await logEvent('[[success:success]]'); await logEvent('[[success:success]]');
await sleep(2500); await sleep(2500 + ((Math.random() * 500) - 250));
} catch (err) { } catch (err) {
await logEvent(err.message); await logEvent(err.message);
await sleep(2500 + ((Math.random() * 500) - 250));
const internalErrors = ['[[error:invalid-email]]', '[[error:reset-rate-limited]]']; const internalErrors = ['[[error:invalid-email]]', '[[error:reset-rate-limited]]'];
if (!internalErrors.includes(err.message)) { if (!internalErrors.includes(err.message)) {
throw err; throw err;