9d00c351a8
[misc] add captcha on password reset requests GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
const PasswordResetController = require('./PasswordResetController')
const AuthenticationController = require('../Authentication/AuthenticationController')
const CaptchaMiddleware = require('../../Features/Captcha/CaptchaMiddleware')
const RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
const { Joi, validate } = require('../../infrastructure/Validation')
module.exports = {
  /**
   * Registers the password-reset, password-set and reconfirm routes on the
   * web router.
   *
   * Every POST route runs its middleware in the same order: request-body
   * validation, then the rate limiter, then (where present) the captcha
   * check, and only then the controller. The GET routes only render forms
   * and carry no rate limit.
   *
   * @param {object} webRouter - router that receives all routes below
   * @param {object} apiRouter - not used by this module
   */
  apply(webRouter, apiRouter) {
    const resetPath = '/user/password/reset'
    const setPath = '/user/password/set'

    // One limiter instance is attached to all three POST routes. It is keyed
    // on the client IP only (ipOnly: true), so clients behind a shared
    // address count against the same allowance.
    // NOTE(review): timeInterval is presumably in seconds, and the shared
    // endpointName presumably makes the three routes draw on one budget;
    // confirm against RateLimiterMiddleware.
    const passwordResetRateLimit = RateLimiterMiddleware.rateLimit({
      endpointName: 'password_reset_rate_limit',
      ipOnly: true,
      maxRequests: 6,
      timeInterval: 60,
    })

    // Builds a fresh validator for bodies that carry only an email address.
    // This layer only requires a string; it does no format or length check.
    // NOTE(review): address parsing is presumably done in the controller.
    const emailOnlyBody = () =>
      validate({
        body: Joi.object({
          email: Joi.string().required(),
        }),
      })

    // --- Request a reset e-mail ---------------------------------------
    webRouter.get(resetPath, PasswordResetController.renderRequestResetForm)
    webRouter.post(
      resetPath,
      emailOnlyBody(),
      passwordResetRateLimit,
      // The captcha is verified after the rate limiter has admitted the request.
      CaptchaMiddleware.validateCaptcha('passwordReset'),
      PasswordResetController.requestReset
    )
    // NOTE(review): presumably makes the path reachable without a logged-in
    // session; confirm in AuthenticationController.
    AuthenticationController.addEndpointToLoginWhitelist(resetPath)

    // --- Redeem a reset token and set the new password -----------------
    webRouter.get(setPath, PasswordResetController.renderSetPasswordForm)
    webRouter.post(
      setPath,
      validate({
        body: Joi.object({
          password: Joi.string().required(),
          passwordResetToken: Joi.string().required(),
        }),
      }),
      // No captcha on this route: the per-IP rate limit is the only
      // throttle applied here before the token is checked.
      passwordResetRateLimit,
      PasswordResetController.setNewUserPassword
    )
    AuthenticationController.addEndpointToLoginWhitelist(setPath)

    // --- Reconfirm ------------------------------------------------------
    // Same handler, validator shape, limiter and captcha action as the
    // reset request above. Unlike the two paths above, this one is not
    // added to the login whitelist here.
    webRouter.post(
      '/user/reconfirm',
      emailOnlyBody(),
      passwordResetRateLimit,
      CaptchaMiddleware.validateCaptcha('passwordReset'),
      PasswordResetController.requestReset
    )
  },
}