CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-09-30 17:26:48 +13:00
Code Issues Projects Releases Wiki Activity

Update abuse-key for password recovery to add IP

Browse source 
Update abuse-key for password recovery to add IP
This commit is contained in:
Bradley Schofield 2021-11-08 14:54:28 +00:00
parent 3741786e07
commit 5a54ae8d0a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/api/account.php
View file

@ -1733,7 +1733,7 @@ App::post('/v1/account/recovery')
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_TOKEN)
->label('abuse-limit', 10)
->label('abuse-key', 'url:{url},email:{param-email}')
->label('abuse-key', 'url:{url},email:{param-email},ip:{ip}')
->param('email', '', new Email(), 'User email.')
->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
->inject('request')