Open infomiho opened 1 year ago
This would help with rate limiting Password Reset requests. Now we have different behaviour for known and unknown addresses since we depend on storing the last request timestamp in a database, we don't rate limit for unknown email addresses!
Independent rate limiting system would solve this inconsistency.
We added a rate limiter dependency in order to limit the
signup
andpassword reset
actions when using the e-mail and password auth. We can reuse that to introduce a general rate limiting feature that users can customize as they wish.Considerations
We want to enable configuration of: