From 30a5360c6868e034f87dbdd43d322f3c1e02ba37 Mon Sep 17 00:00:00 2001
From: janis steiner <janis@jakach.ch>
Date: Thu, 7 May 2026 23:18:07 +0200
Subject: [PATCH] changing rate limit

---
 app-code/api/account/update_passkey.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-code/api/account/update_passkey.php b/app-code/api/account/update_passkey.php
index b0920a8..c477e97 100644
--- a/app-code/api/account/update_passkey.php
+++ b/app-code/api/account/update_passkey.php
@@ -100,7 +100,7 @@ try {
 
     // Handle different functions
     if ($fn === 'getCreateArgs') {
-        check_rate_limit($conn, 'passkey_register_args', 10, 60 * 60, $userName);
+        check_rate_limit($conn, 'passkey_register_args', 10, 60, $userName);
         $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment);
 
         header('Content-Type: application/json');
@@ -143,7 +143,7 @@ try {
         // save challange to session. you have to deliver it to processGet later.
         $_SESSION['challenge'] = $WebAuthn->getChallenge();
     } else if ($fn === 'processCreate') {
-        check_rate_limit($conn, 'passkey_register_process', 5, 60 * 60, $userName);
+        check_rate_limit($conn, 'passkey_register_process', 5, 60, $userName);
         if (empty($_SESSION['challenge']) || ($_SESSION['passkey_register_username'] ?? '') !== $userName) {
             throw new Exception('Invalid passkey session.');
         }