Apply the mask on the IP too

1 year ago · d30f71234d
parent a60159a0db
commit d30f71234d
1 changed files with 2 additions and 2 deletions
--- a/core/admin/mailu/limiter.py
+++ b/core/admin/mailu/limiter.py
@ -56,9 +56,9 @@ class LimitWraperFactory(object):
        limiter = self.get_limiter(app.config['AUTH_RATELIMIT_IP'], 'auth-ip')
        client_network = utils.extract_network_from_ip(ip)
        if self.is_subject_to_rate_limits(ip):
-            if username and (self.storage.get(f'dedup-{ip}-{username}') > 0):
+            if username and (self.storage.get(f'dedup-{client_network}-{username}') > 0):
                return
-            self.storage.incr(f'dedup-{ip}-{username}', limits.parse(app.config['AUTH_RATELIMIT_IP']).GRANULARITY.seconds ,True)
+            self.storage.incr(f'dedup-{client_network}-{username}', limits.parse(app.config['AUTH_RATELIMIT_IP']).GRANULARITY.seconds ,True)
            limiter.hit(client_network)

    def should_rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None):