diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 5fa6b7851da..e44cf9eef67 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -51,6 +51,9 @@ class SessionController < ApplicationController
 return
 end
+ RateLimiter.new(nil, "login-hr-#{request.remote_ip}", 30, 1.hour).performed!
+ RateLimiter.new(nil, "login-min-#{request.remote_ip}", 6, 1.minute).performed!
+
 params.require(:login)
 params.require(:password)
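Review bot: Both limiters added ahead of `params.require(:login)` are keyed only on `request.remote_ip`, so they are only as accurate as that value: if the app sits behind a reverse proxy or CDN that is not configured as trusted, every visitor shares one bucket and 6 attempts a minute would block logins site-wide, and users behind a single NAT address share the 30-per-hour budget. The thresholds `30` and `6` are literals; reading them from configuration would let operators tune them without a deploy, and a comment such as `# per-IP throttle only; a per-account limit is still needed` would make the remaining gap explicit. `performed!` presumably raises once the limit is reached, and nothing in this hunk shows how the login endpoint reports that to the client, so it is worth confirming the caller gets a rate-limit response rather than a generic error. The enclosing action starts and ends outside the hunk.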