From 5aa7daa951b87a6b66cda3dc96c680401c0b364b Mon Sep 17 00:00:00 2001
From: James Allen
Date: Wed, 25 Jun 2014 10:46:58 +0100
Subject: [PATCH] Fix password reset rate limit to work on ip, not email which changes every request

---
 .../PasswordReset/PasswordResetController.coffee | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
index 6874cbe43d..c52aa9b454 100644
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
@@ -11,13 +11,13 @@ module.exports =
 	requestReset: (req, res)->
 		email = req.body.email.trim().toLowerCase()
 		opts =
-			endpointName:"auto_compile"
-			timeInterval:60
-			subjectName:email
-			throttle: 3
+			endpointName: "password_reset_rate_limit"
+			timeInterval: 60
+			subjectName: req.ip
+			throttle: 6
 		RateLimiter.addCount opts, (err, canCompile)->
 			if !canCompile
-				return res.send 500
+				return res.send 500, { message: "Rate limit hit. Please wait a while before retrying" }
 			PasswordResetHandler.generateAndEmailResetToken email, (err)->
 				if err?
 					res.send 500, {message:err?.message}
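Review bot: `subjectName: req.ip` only identifies the client if Express's `trust proxy` setting matches the deployment: behind a load balancer with it unset, every request carries the proxy's address and all users share one bucket, while trusting every hop lets the forwarded header pick the bucket, so the limit is only as strong as that setting and it is worth confirming in config. Replacing the email key rather than adding to it also drops the cap on how often a single address can be mailed, since each source address now gets its own allowance; a second `RateLimiter.addCount` keyed on `email` alongside the IP one would cover both the rotating-email and the targeted case. The callback parameter is still `canCompile` from the copied compile limiter, and `(err, allowed)->` would read correctly here; note `err` from the limiter is never inspected, so a limiter outage is reported to the user as a rate-limit hit. A limit hit would also be clearer for monitoring as `return res.send 429, { message: "Rate limit hit. Please wait a while before retrying" }` rather than a 500 that looks like a server fault in logs.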