Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changing rate limit
Deploy / deploy (push) Successful in 32s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-07 23:18:07 +02:00
parent ac60587be7
commit 30a5360c68
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/account/update_passkey.php
+2 -2
View File
@@ -100,7 +100,7 @@ try {
// Handle different functions
if ($fn === 'getCreateArgs') {
check_rate_limit($conn, 'passkey_register_args', 10, 60 * 60, $userName);
check_rate_limit($conn, 'passkey_register_args', 10, 60, $userName);
$createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment);
header('Content-Type: application/json');
@@ -143,7 +143,7 @@ try {
// save challange to session. you have to deliver it to processGet later.
$_SESSION['challenge'] = $WebAuthn->getChallenge();
} else if ($fn === 'processCreate') {
check_rate_limit($conn, 'passkey_register_process', 5, 60 * 60, $userName);
check_rate_limit($conn, 'passkey_register_process', 5, 60, $userName);
if (empty($_SESSION['challenge']) || ($_SESSION['passkey_register_username'] ?? '') !== $userName) {
throw new Exception('Invalid passkey session.');
}