email: add verification cool down to prevent abuse

Merged Administrator requested to merge jc/email-verification-cool-down into master

Created by: unknwon

This PR adds a so-called "email verification cool down" mechanism to prevent abusing someone else's email at high frequency; this mechanism could be used for a single email.

Notes:

  1. Add a new site configuration option { "email.verification": { "coolDown": "30s" } } (naming subject to change if there is a better one!)
  2. Prevent user from signing up with a previously used email until the email address is cooled down
  3. Prevent user from adding another email to the account until the user as a whole is cooled down
  4. The mechanism will not be triggered if the Sourcegraph instance does not require email verification

Manually tested and added unit tests.

Fixes sourcegraph/security-issues#55.
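
The cool-down rules in notes 2 to 4, sketched as an added example; this is not the code from this PR or from Sourcegraph. The `CoolDown` type, the `Allow` function, the in-memory map, the case-insensitive address comparison and the use of user ID 0 for a sign-up are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// CoolDown is a hypothetical in-memory limiter, not Sourcegraph's implementation.
type CoolDown struct {
	window   time.Duration        // cool-down length, e.g. 30s
	required bool                 // does the instance require email verification?
	last     map[string]time.Time // last accepted send per email and per user
}

func NewCoolDown(window time.Duration, required bool) *CoolDown {
	return &CoolDown{window, required, map[string]time.Time{}}
}

// Allow reports whether a verification email may be sent at time now and, if
// not, how long is left. userID 0 means a sign-up with no account yet (assumption).
func (c *CoolDown) Allow(userID int32, email string, now time.Time) (bool, time.Duration) {
	if !c.required || c.window <= 0 {
		return true, 0 // note 4: inactive when verification is not required
	}
	// Assumption: fold case so "A@x.com" and "a@x.com" share one timer.
	keys := []string{"email:" + strings.ToLower(strings.TrimSpace(email))}
	if userID != 0 {
		keys = append(keys, fmt.Sprintf("user:%d", userID)) // note 3: per-user timer
	}
	var wait time.Duration
	for _, k := range keys {
		if t, ok := c.last[k]; ok && c.window-now.Sub(t) > wait {
			wait = c.window - now.Sub(t) // keep the longest remaining cool-down
		}
	}
	if wait > 0 {
		return false, wait // rejected attempts do not reset any timer
	}
	for _, k := range keys {
		c.last[k] = now
	}
	return true, 0
}

func main() {
	d, _ := time.ParseDuration("30s") // same duration format as the coolDown option
	cd := NewCoolDown(d, true)
	fmt.Println(cd.Allow(0, "someone@example.com", time.Now())) // constructed address
}
```

A multi-instance deployment would need the timestamps in shared storage rather than a process-local map.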

Merge request reports

Merged by avatar (Jul 7, 2025 12:53am UTC)
