From cc4d1db2d647eeaebc12d0479811a592d7363e9f Mon Sep 17 00:00:00 2001
From: joel
Date: Tue, 18 Jun 2024 11:17:35 +0200
Subject: [PATCH] fix: reduce size of PR
---
 internal/api/recover.go | 3 +--
 internal/api/resend.go | 10 ++++------
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/internal/api/recover.go b/internal/api/recover.go
index c02bebb5c..0fa9760ae 100644
--- a/internal/api/recover.go
+++ b/internal/api/recover.go
@@ -32,7 +32,6 @@ func (p *RecoverParams) Validate() error {
 // Recover sends a recovery email
 func (a *API) Recover(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
- config := a.config
 db := a.db.WithContext(ctx)
 params := &RecoverParams{}
 if err := retrieveRequestParams(r, params); err != nil {
@@ -69,7 +68,7 @@ func (a *API) Recover(w http.ResponseWriter, r *http.Request) error {
 })
 if err != nil {
 if errors.Is(err, MaxFrequencyLimitError) {
- return tooManyRequestsError(ErrorCodeOverEmailSendRateLimit, generateFrequencyLimitErrorMessage(user.RecoverySentAt, config.SMTP.MaxFrequency))
+ return tooManyRequestsError(ErrorCodeOverEmailSendRateLimit, "For security purposes, you can only request this once every 60 seconds")
 }
 return internalServerError("Unable to process request").WithInternalError(err)
 }
diff --git a/internal/api/resend.go b/internal/api/resend.go
index 6724fb698..b9e16df51 100644
--- a/internal/api/resend.go
+++ b/internal/api/resend.go
@@ -3,6 +3,7 @@ package api
 import (
 "errors"
 "net/http"
+ "time"
 "github.com/supabase/auth/internal/api/sms_provider"
 "github.com/supabase/auth/internal/conf"
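Review bot: The replacement message in Recover's `MaxFrequencyLimitError` branch (internal/api/recover.go) hard-codes "60 seconds", where the removed line built the text from `config.SMTP.MaxFrequency`; any deployment that configures a different e-mail frequency limit would now tell clients the wrong back-off. Since resend.go in this same patch passes format arguments to `tooManyRequestsError`, the interval could stay configuration-driven with `return tooManyRequestsError(ErrorCodeOverEmailSendRateLimit, "For security purposes, you can only request this once every %d seconds", a.config.SMTP.MaxFrequency/time.Second)`. That assumes `MaxFrequency` is a `time.Duration` and would need `time` imported in recover.go, neither of which is visible here. Recover's body starts and ends outside both recover.go hunks.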
@@ -153,15 +154,12 @@ func (a *API) Resend(w http.ResponseWriter, r *http.Request) error {
 if err != nil {
 if errors.Is(err, MaxFrequencyLimitError) {
 reason := ErrorCodeOverEmailSendRateLimit
- if params.Type == smsVerification {
+ if params.Type == smsVerification || params.Type == phoneChangeVerification {
 reason = ErrorCodeOverSMSSendRateLimit
- return tooManyRequestsError(reason, generateFrequencyLimitErrorMessage(user.ConfirmationSentAt, config.Sms.MaxFrequency))
- } else if params.Type == phoneChangeVerification {
- reason = ErrorCodeOverSMSSendRateLimit
- return tooManyRequestsError(reason, generateFrequencyLimitErrorMessage(user.PhoneChangeSentAt, config.Sms.MaxFrequency))
 }
- return tooManyRequestsError(reason, generateFrequencyLimitErrorMessage(user.ConfirmationSentAt, config.SMTP.MaxFrequency))
+ until := time.Until(user.ConfirmationSentAt.Add(config.SMTP.MaxFrequency)) / time.Second
+ return tooManyRequestsError(reason, "For security purposes, you can only request this once every %d seconds.", until)
 }
 return internalServerError("Unable to process request").WithInternalError(err)
 }
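Review bot: For `smsVerification` and `phoneChangeVerification` the new `until` is still computed from `user.ConfirmationSentAt` and `config.SMTP.MaxFrequency`, whereas the removed lines used `config.Sms.MaxFrequency` and, for phone change, `user.PhoneChangeSentAt`; SMS callers would be told a wait derived from the e-mail limit. Selecting the timestamp and limit per type, as in the fence below, keeps the single return while restoring the right inputs. The message also says "once every %d seconds" although `until` is the time remaining rather than the interval, so the wording and the value do not agree. If these timestamp fields are pointers (their type is not visible in the hunk), a nil `ConfirmationSentAt` on a phone-change resend would panic in `.Add`, which the per-type selection also avoids. Resend's body starts and ends outside the hunk.

```go
if errors.Is(err, MaxFrequencyLimitError) {
	reason := ErrorCodeOverEmailSendRateLimit
	// Pick the timestamp and limit that actually triggered the rate limit.
	sentAt, maxFrequency := user.ConfirmationSentAt, config.SMTP.MaxFrequency
	switch params.Type {
	case smsVerification:
		reason = ErrorCodeOverSMSSendRateLimit
		maxFrequency = config.Sms.MaxFrequency
	case phoneChangeVerification:
		reason = ErrorCodeOverSMSSendRateLimit
		sentAt, maxFrequency = user.PhoneChangeSentAt, config.Sms.MaxFrequency
	}
	until := time.Until(sentAt.Add(maxFrequency)) / time.Second
	return tooManyRequestsError(reason, "For security purposes, you can only request this once every %d seconds.", until)
}
// … unchanged: internalServerError fallback …
```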