From d30f71234dbade3a2c05bf1ed996cd2e4840032d Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Sat, 4 Feb 2023 16:50:43 +0100 Subject: [PATCH] Apply the mask on the IP too --- core/admin/mailu/limiter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/admin/mailu/limiter.py b/core/admin/mailu/limiter.py index 31ed317a..85891ee3 100644 --- a/core/admin/mailu/limiter.py +++ b/core/admin/mailu/limiter.py @@ -56,9 +56,9 @@ class LimitWraperFactory(object): limiter = self.get_limiter(app.config['AUTH_RATELIMIT_IP'], 'auth-ip') client_network = utils.extract_network_from_ip(ip) if self.is_subject_to_rate_limits(ip): - if username and (self.storage.get(f'dedup-{ip}-{username}') > 0): + if username and (self.storage.get(f'dedup-{client_network}-{username}') > 0): return - self.storage.incr(f'dedup-{ip}-{username}', limits.parse(app.config['AUTH_RATELIMIT_IP']).GRANULARITY.seconds ,True) + self.storage.incr(f'dedup-{client_network}-{username}', limits.parse(app.config['AUTH_RATELIMIT_IP']).GRANULARITY.seconds ,True) limiter.hit(client_network) def should_rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None):