Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/profiles/emails_controller.rb')
-rw-r--r--app/controllers/profiles/emails_controller.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb
index f666a1150a6..da553e34ef6 100644
--- a/app/controllers/profiles/emails_controller.rb
+++ b/app/controllers/profiles/emails_controller.rb
@@ -2,6 +2,8 @@
class Profiles::EmailsController < Profiles::ApplicationController
before_action :find_email, only: [:destroy, :resend_confirmation_instructions]
+ before_action -> { rate_limit!(:profile_add_new_email) }, only: [:create]
+ before_action -> { rate_limit!(:profile_resend_email_confirmation) }, only: [:resend_confirmation_instructions]
def index
@primary_email = current_user.email
@@ -38,6 +40,16 @@ class Profiles::EmailsController < Profiles::ApplicationController
private
+ def rate_limit!(action)
+ rate_limiter = ::Gitlab::ApplicationRateLimiter
+
+ if rate_limiter.throttled?(action, scope: current_user)
+ rate_limiter.log_request(request, action, current_user)
+
+ redirect_back_or_default(options: { alert: _('This action has been performed too many times. Try again later.') })
+ end
+ end
+
def email_params
params.require(:email).permit(:email)
end