Increase rate limit for user registration and deactivation to prevent abuse

Daniel Neto · Daniel Neto · commit 16a98ee064c0 · 2025-11-17T15:40:45.000-03:00
diff --git a/plugin/API/API.php b/plugin/API/API.php
@@ -4026,7 +4026,7 @@ public function set_api_signUp($parameters)
         }
 
         // Rate limiting for user registration (prevent abuse)
-        $this->checkRateLimit('user_registration', 3, 600); // 3 attempts per 10 minutes
+        $this->checkRateLimit('user_registration', 10, 600); // 10 attempts per 10 minutes
 
         $ignoreCaptcha = 1;
         if (isset($_REQUEST['emailVerified'])) {
@@ -5492,7 +5492,7 @@ public function set_api_user_inactive($parameters)
         }
 
         // Rate limiting check (prevent abuse)
-        $this->checkRateLimit('user_deactivation', 5, 300); // 5 attempts per 5 minutes
+        $this->checkRateLimit('user_deactivation', 10, 300); // 10 attempts per 5 minutes
 
         // Execute the deactivation
         $targetUser->setStatus('i');

Original file line number	Diff line number	Diff line change
`@@ -4026,7 +4026,7 @@ public function set_api_signUp($parameters)`
`4026`	`4026`	`}`
`4027`	`4027`
`4028`	`4028`	`// Rate limiting for user registration (prevent abuse)`
`4029`		`- $this->checkRateLimit('user_registration', 3, 600); // 3 attempts per 10 minutes`
	`4029`	`+ $this->checkRateLimit('user_registration', 10, 600); // 10 attempts per 10 minutes`
`4030`	`4030`
`4031`	`4031`	`$ignoreCaptcha = 1;`
`4032`	`4032`	`if (isset($_REQUEST['emailVerified'])) {`
`@@ -5492,7 +5492,7 @@ public function set_api_user_inactive($parameters)`
`5492`	`5492`	`}`
`5493`	`5493`
`5494`	`5494`	`// Rate limiting check (prevent abuse)`
`5495`		`- $this->checkRateLimit('user_deactivation', 5, 300); // 5 attempts per 5 minutes`
	`5495`	`+ $this->checkRateLimit('user_deactivation', 10, 300); // 10 attempts per 5 minutes`
`5496`	`5496`
`5497`	`5497`	`// Execute the deactivation`
`5498`	`5498`	`$targetUser->setStatus('i');`