authorAndrew Morgan <andrew@amorgan.xyz>2020-06-25 11:03:10 +0100
committerAndrew Morgan <andrew@amorgan.xyz>2020-06-25 11:03:10 +0100
commitcb272bcfe89974ba575841e31b45b9edba293887 (patch)
tree643ebbaab6d97bd6ce1fd575f0cf177d841ec313
parentDon't lowercase medium in this PR (diff)
downloadsynapse-cb272bcfe89974ba575841e31b45b9edba293887.tar.xz
Explain why we rate-limit using a threepid
-rw-r--r--synapse/rest/client/v1/login.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py

index 602785fe22..98a3365f05 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -161,7 +161,8 @@ class LoginRestServlet(RestServlet):
 if not username:
 if medium and address:
 # The user attempted to login via threepid and failed
- # Record this failed attempt
+ # Record this failed attempt using the threepid as a key, as otherwise
+ # the user could bypass the ratelimiter by not providing a username
 self._failed_attempts_ratelimiter.can_do_action(
 (medium, address.lower())
 )
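Review bot: The expanded comment explains the choice of key but not that `can_do_action` is called here only for its side effect: the call is a bare statement whose return value is discarded, which reads like a forgotten check to anyone auditing the login path. I would add a line such as `# can_do_action() is called only to count this attempt; its result is deliberately ignored`. It would also help to say why only the address is lowercased in the key, presumably so that case variants of one address share a bucket; `medium` is not normalised on these lines, so it is worth confirming that it is validated earlier. The enclosing method starts and ends outside the hunk.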