summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2023-02-22 14:37:18 -0500
committerGitHub <noreply@github.com>2023-02-22 14:37:18 -0500
commit4ed08ff72ef8f1abf85ab22de1e51b570f67b27e (patch)
treecf00cd5638590b1faac36f90aeb72ee2b6a80ae4 /synapse
parentUse `json.dump` in `FileExfiltrationWriter` (#15095) (diff)
downloadsynapse-4ed08ff72ef8f1abf85ab22de1e51b570f67b27e.tar.xz
Tighten the default rate limit of creating new devices. (#15135)
Diffstat (limited to '')
-rw-r--r--synapse/config/ratelimiting.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/synapse/config/ratelimiting.py b/synapse/config/ratelimiting.py
index 5c13fe428a..b733fac617 100644
--- a/synapse/config/ratelimiting.py
+++ b/synapse/config/ratelimiting.py
@@ -87,9 +87,18 @@ class RatelimitConfig(Config):
             defaults={"per_second": 0.1, "burst_count": 5},
         )
 
+        # It is reasonable to login with a bunch of devices at once (i.e. when
+        # setting up an account), but it is *not* valid to continually be
+        # logging into new devices.
         rc_login_config = config.get("rc_login", {})
-        self.rc_login_address = RatelimitSettings(rc_login_config.get("address", {}))
-        self.rc_login_account = RatelimitSettings(rc_login_config.get("account", {}))
+        self.rc_login_address = RatelimitSettings(
+            rc_login_config.get("address", {}),
+            defaults={"per_second": 0.003, "burst_count": 5},
+        )
+        self.rc_login_account = RatelimitSettings(
+            rc_login_config.get("account", {}),
+            defaults={"per_second": 0.003, "burst_count": 5},
+        )
         self.rc_login_failed_attempts = RatelimitSettings(
             rc_login_config.get("failed_attempts", {})
         )