From 07f17c5dc26737d47b9559789b531aab35cccba8 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Sun, 24 Oct 2021 08:20:55 +0200
Subject: [PATCH] add rate limiter to FixedPinVerificationProvider

---
 .../FixedPinVerificationProvider.java | 34 +++++++++++++------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/src/main/java/im/quicksy/server/verification/FixedPinVerificationProvider.java b/src/main/java/im/quicksy/server/verification/FixedPinVerificationProvider.java
index d1b0d49..81565a0 100644
--- a/src/main/java/im/quicksy/server/verification/FixedPinVerificationProvider.java
+++ b/src/main/java/im/quicksy/server/verification/FixedPinVerificationProvider.java
@@ -3,6 +3,7 @@ package im.quicksy.server.verification;
 import com.google.common.base.Charsets;
 import com.google.common.base.Strings;
 import com.google.common.hash.Hashing;
+import com.google.common.util.concurrent.RateLimiter;
 import com.google.i18n.phonenumbers.PhoneNumberUtil;
 import com.google.i18n.phonenumbers.Phonenumber;
 import java.math.BigInteger;
@@ -15,6 +16,9 @@ public class FixedPinVerificationProvider extends AbstractVerificationProvider {
 private static final Logger LOGGER =
 LoggerFactory.getLogger(FixedPinVerificationProvider.class);

+ @SuppressWarnings("UnstableApiUsage")
+ private final RateLimiter rateLimiter = RateLimiter.create(0.2);
+
 private final String salt;

 public FixedPinVerificationProvider(final Map<String, String> parameter) {
@@ -25,6 +29,7 @@ public class FixedPinVerificationProvider extends AbstractVerificationProvider {
 @Override
 public boolean verify(final Phonenumber.PhoneNumber phoneNumber, final String pin)
 throws RequestFailedException {
+ checkRateLimiter();
 final boolean verified = generatePin(phoneNumber).equals(pin);
 if (verified) {
 LOGGER.info("Pin for {} has been verified successfully", phoneNumber);
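Review bot: In the `@@ -15,6 +16,9 @@` hunk the limiter is a single instance field, so its 0.2 permits per second (one verify() call every five seconds) is shared by every phone number and caller that reaches this provider instance, not applied per number. That bounds guessing against the fixed pin, but it also lets one client that keeps calling verify() use up the budget and block verification for everyone else. The rate is an unexplained literal; I would name and document it, e.g. `private static final double VERIFY_PERMITS_PER_SECOND = 0.2; // one attempt per 5 s, shared by all numbers`, and consider a limit keyed by phone number if lockout of other users matters for this provider.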
@@ -35,17 +40,11 @@ public class FixedPinVerificationProvider extends AbstractVerificationProvider {
 }
 }

- @Override
- public void request(final Phonenumber.PhoneNumber phoneNumber, final Method method)
- throws RequestFailedException {
- final String pin = generatePin(phoneNumber);
- LOGGER.info("requesting pin for {}. Pin is going to be {}", phoneNumber, pin);
- }
-
- @Override
- public void request(Phonenumber.PhoneNumber phoneNumber, Method method, String language)
- throws RequestFailedException {
- this.request(phoneNumber, method);
+ @SuppressWarnings("UnstableApiUsage")
+ private void checkRateLimiter() throws TokenExpiredException {
+ if (!rateLimiter.tryAcquire()) {
+ throw new TokenExpiredException("Rate limiter struck");
+ }
 }

 @SuppressWarnings("UnstableApiUsage")
@@ -65,4 +64,17 @@ public class FixedPinVerificationProvider extends AbstractVerificationProvider {
 .toString()
 .substring(0, 6);
 }
+
+ @Override
+ public void request(final Phonenumber.PhoneNumber phoneNumber, final Method method)
+ throws RequestFailedException {
+ final String pin = generatePin(phoneNumber);
+ LOGGER.info("requesting pin for {}. Pin is going to be {}", phoneNumber, pin);
+ }
+
+ @Override
+ public void request(Phonenumber.PhoneNumber phoneNumber, Method method, String language)
+ throws RequestFailedException {
+ this.request(phoneNumber, method);
+ }
 }
--
GitLab
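Review bot: In the `@@ -35,17 +40,11 @@` hunk, checkRateLimiter() signals throttling with `TokenExpiredException`, so a caller cannot tell "back off and retry" from "the pin has expired" and may respond by requesting a fresh pin. The rejection is also silent: verify() throws before reaching its own log lines, so sustained guessing leaves nothing in the log once the limiter trips. I would add `LOGGER.warn("Rate limit hit, rejecting pin verification");` before the throw and, if the RequestFailedException hierarchy allows it, throw a type that names the condition.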
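Review bot: In the `@@ -65,4 +64,17 @@` hunk, both request() overloads are moved unchanged and still bypass checkRateLimiter(), and the first one writes the phone number together with its pin to the info log on every call. If this provider is meant for testing only (it appears to deliver the pin through the log rather than send it), a class-level comment such as `// Test provider: no message is sent, the pin is only written to the log` would make that explicit. Otherwise the log line should drop the pin, e.g. `LOGGER.info("requesting pin for {}", phoneNumber);`, since anyone with read access to the log can then verify any number.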