Allow new strategies to existing sessions cleanerly (sp!) (#2077)

Martii · web-flow · commit 3e078e4634d6 · 2025-06-18T11:50:34.000-06:00
* Up dev limiter just a bit since it's too short sometimes. Post #1893 Auto-merge
diff --git a/controllers/auth.js b/controllers/auth.js
@@ -463,7 +463,7 @@ exports.callback = function (aReq, aRes, aNext) {
       aUser.authed = now;
 
       // Check probationary status vs lastAuthed for alt IP circumvention prevention
-      if (aUser._probationary && lastAuthed) {
+      if (aUser._probationary && lastAuthed && !newstrategy) {
         if (!moment().isAfter(moment(lastAuthed).add(waitAuthCapMin, 'minutes'))) {
           aUser.save(function (aErr, aUser) {
             if (aErr) {
diff --git a/models/settings.json b/models/settings.json
@@ -49,7 +49,7 @@
   "pro": 15
  },
  "waitAuthCapMin": {
-  "dev": 1,
+  "dev": 2,
   "pro": 1440
  },
  "waitCaptchaCapMin": {
diff --git a/routes.js b/routes.js
@@ -256,6 +256,12 @@ var authCapLimiter = rateLimit({
         retryAfter: waitAuthCapMin * 60 + (isDev ? fudgeSec : fudgeMin)
       }
     });
+  },
+  skip: function (aReq, aRes) {
+    if (aReq.session.newstrategy) {
+      // NOTE: Still counting by design
+      return true;
+    }
   }
 });
 

Original file line number	Diff line number	Diff line change
`@@ -256,6 +256,12 @@ var authCapLimiter = rateLimit({`
`256`	`256`	`retryAfter: waitAuthCapMin * 60 + (isDev ? fudgeSec : fudgeMin)`
`257`	`257`	`}`
`258`	`258`	`});`
	`259`	`+ },`
	`260`	`+ skip: function (aReq, aRes) {`
	`261`	`+ if (aReq.session.newstrategy) {`
	`262`	`+ // NOTE: Still counting by design`
	`263`	`+ return true;`
	`264`	`+ }`
`259`	`265`	`}`
`260`	`266`	`});`
`261`	`267`