openstad / openstad-oauth2-server

MIT License

Set the emailUrlBruteForce to be very restricted #79

Closed rudivanhierden closed 2 years ago

rudivanhierden commented 3 years ago

Previously, it was possible to spam an e-mail through the URL login by repeated submission of the login form.

This commit changes the bruteforce protection for the email URL brute force to the very restricted version, only allowing 5 free retries. The key for this bruteforce now includes the clientId, to ensure the user can log in to multiple sites in succession without errors.

The code to retrieve the clientId has been refactored from the client middleware into its own util function, to prevent duplication.
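The two decisions in this PR, a small budget of free retries and a key that includes the clientId, are easiest to see side by side. The limiter below is an added example written for this page, not openstad's code; which brute-force library the project actually uses, the wait times, and the exact key layout are assumptions. It reproduces the scenario from the description: a user requests login links on one site five times and then on a second site, which an e-mail-only key refuses and a clientId-scoped key allows.

```javascript
'use strict';

// Added example (not openstad's code): an in-memory limiter with the "very
// restricted" shape described in the PR, 5 free retries and then exponential
// back-off, and a key that folds in the clientId so that logging in to several
// sites in succession does not exhaust one site's budget. Wait times and key
// layout are assumptions, not the project's values.

const VERY_RESTRICTED = {
  freeRetries: 5,                  // attempts that go through without delay
  minWaitMs: 5 * 60 * 1000,        // wait enforced once the free retries are spent
  maxWaitMs: 60 * 60 * 1000,       // cap on the back-off
  lifetimeMs: 24 * 60 * 60 * 1000, // forget a counter after this much idle time
};

class BruteForceLimiter {
  constructor(opts = VERY_RESTRICTED) {
    this.opts = opts;
    this.store = new Map(); // key -> { count, lastAttempt }
  }

  // Decide whether an attempt under `key` may proceed at time `now` (ms).
  // Returns { allowed, retryAfterMs }. A refused attempt is not counted and
  // the caller must not perform the protected action (here: send the e-mail).
  attempt(key, now = Date.now()) {
    let rec = this.store.get(key);
    if (rec && now - rec.lastAttempt > this.opts.lifetimeMs) rec = undefined;
    const count = rec ? rec.count : 0; // attempts already consumed
    if (count >= this.opts.freeRetries) {
      // back-off grows minWait, 2*minWait, 4*minWait, ... up to maxWait
      const factor = 2 ** (count - this.opts.freeRetries);
      const waitMs = Math.min(this.opts.minWaitMs * factor, this.opts.maxWaitMs);
      const elapsed = now - rec.lastAttempt;
      if (elapsed < waitMs) return { allowed: false, retryAfterMs: waitMs - elapsed };
    }
    this.store.set(key, { count: count + 1, lastAttempt: now });
    return { allowed: true, retryAfterMs: 0 };
  }

  // Call after a successful login so a legitimate user starts fresh.
  reset(key) {
    this.store.delete(key);
  }
}

// Key layouts: the e-mail-only form the PR moved away from, and the form with
// the clientId included. The prefix and separator are assumptions.
const keyByEmail = (email) => `login-url:${email.toLowerCase()}`;
const keyByEmailAndClient = (email, clientId) =>
  `login-url:${clientId}:${email.toLowerCase()}`;

// Scenario from the PR description (constructed input): the same user asks
// for a login link five times on site A, then once on site B, a few seconds
// later. Returns the allowed/refused decision for each of the six requests.
function demoMultiSiteLogin(keyFn) {
  const limiter = new BruteForceLimiter();
  const email = 'Alice@example.org';
  const decisions = [];
  for (let i = 0; i < 5; i++) {
    decisions.push(limiter.attempt(keyFn(email, 'site-a'), 1000 * i).allowed);
  }
  decisions.push(limiter.attempt(keyFn(email, 'site-b'), 5000).allowed);
  return decisions;
}
```

With `keyByEmail` the sixth request is refused even though it targets a different site; with `keyByEmailAndClient` it goes through, while a sixth request against site A within the back-off window would still be refused. Note that a refused attempt does not move `lastAttempt`, so a legitimate user who keeps clicking is not pushed further out; if you would rather penalise continued hammering, update the timestamp on refusal as well.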