Merge pull request #23810 from overleaf/msm-ldap-login-rate-limiter

[SP] LDAP login rate limiter

GitOrigin-RevId: dedab17da85c0f91b280d002cdad796e95b9fd4f

server-ce/hotfix/5.3.2/Dockerfile

@@ -0,0 +1 @@
+FROM sharelatex/sharelatex:5.3.1

services/web/app/src/Features/Security/RateLimiterMiddleware.js

@@ -56,8 +56,9 @@ function rateLimit(rateLimiter, opts = {}) {
   }
 }
 
-function loginRateLimitEmail(req, res, next) {
-  const { email } = req.body
+function loginRateLimitEmail(emailField = 'email') {
+  return function (req, res, next) {
+    const email = req.body[emailField]
     if (!email) {
       return next()
     }
@@ -80,6 +81,7 @@ function loginRateLimitEmail(req, res, next) {
       }
     })
   }
+}
 
 const RateLimiterMiddleware = {
   rateLimit,

services/web/app/src/router.mjs

@@ -218,7 +218,7 @@ async function initialize(webRouter, privateApiRouter, publicApiRouter) {
   webRouter.post(
     '/login',
     RateLimiterMiddleware.rateLimit(overleafLoginRateLimiter), // rate limit IP (20 / 60s)
-    RateLimiterMiddleware.loginRateLimitEmail, // rate limit email (10 / 120s)
+    RateLimiterMiddleware.loginRateLimitEmail(), // rate limit email (10 / 120s)
     CaptchaMiddleware.validateCaptcha('login'),
     AuthenticationController.passportLogin
   )
@@ -243,7 +243,7 @@ async function initialize(webRouter, privateApiRouter, publicApiRouter) {
     webRouter.post(
       '/login/legacy',
       RateLimiterMiddleware.rateLimit(overleafLoginRateLimiter), // rate limit IP (20 / 60s)
-      RateLimiterMiddleware.loginRateLimitEmail, // rate limit email (10 / 120s)
+      RateLimiterMiddleware.loginRateLimitEmail(), // rate limit email (10 / 120s)
       CaptchaMiddleware.validateCaptcha('login'),
       AuthenticationController.passportLogin
     )