Skip to content

Setup Rate Limit for Login and Password Reset #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Setup Rate Limit for Login and Password Reset #266

wants to merge 8 commits into from

Conversation

@Josiassejod1
Copy link

Description

This PR adds rate limiting to the user login and password reset routes using built in rails limiting. It returns a 429 if a user attempts too many incorrect login attempts along with resetting a password.

#95

I added memory_store to the test initializer because it wasn't allow me to set the memory store in the before block.

How has this been tested?

To test appropriately go to new_registration/new and try and sign in three times under a minute you should see an error you need to enable caching locally using rails dev:cache

Screenshot 2025-09-04 at 2 50 08 PM Screenshot 2025-09-04 at 2 47 14 PM
  • [X ] Manual testing
  • System tests
  • [ X] Unit tests
  • None

Checklist

  • [X ] CI pipeline is passing
  • X[ ] My code follows the conventions of this project
  • [X ] I have performed a self-review of my code
  • I have commented on my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (if applicable)
  • I have added seed data to the database (if applicable)

Release tasks

Add any tasks that need to be done before/after the release of this feature.

Screenshots/Loom

This section is relevant in case we want to share progress with the team, otherwise, it can be omitted.

@Josiassejod1 Josiassejod1 marked this pull request as draft September 6, 2025 20:06
@Josiassejod1 Josiassejod1 marked this pull request as ready for review September 6, 2025 20:11
@Josiassejod1 Josiassejod1 marked this pull request as draft September 6, 2025 20:50
@Josiassejod1 Josiassejod1 marked this pull request as ready for review September 6, 2025 20:57
Josiassejod1
Josiassejod1 commented Sep 6, 2025
View reviewed changes
config/environments/test.rb
# Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
config.cache_store = :null_store
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't really test rate limiting without having this set unfortunately, so if there are any other suggestions I am open to it.

@ibramsterdam ibramsterdam requested a review from Sergio-e October 14, 2025 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sergio-e Sergio-e Awaiting requested review from Sergio-e

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Josiassejod1