fix(auth): increase email verification code resend cooldown to 60s
The 10-second cooldown was too short. Increase it to 60 seconds in both the frontend countdown timer and the backend rate limit.
@@ -304,7 +304,7 @@ describe("LoginPage", () => {
|
||||
).toBeInTheDocument();
|
||||
});
|
||||
|
||||
// After transitioning to code step, cooldown is 10s
|
||||
// After transitioning to code step, cooldown is 60s
|
||||
const resendBtn = screen.getByRole("button", { name: /resend in/i });
|
||||
expect(resendBtn).toBeDisabled();
|
||||
});
|
||||
@@ -340,9 +340,9 @@ describe("LoginPage", () => {
|
||||
// sendCode was called once for the initial send
|
||||
expect(mockSendCode).toHaveBeenCalledTimes(1);
|
||||
|
||||
// Advance past the 10s cooldown one second at a time so React can
|
||||
// Advance past the 60s cooldown one second at a time so React can
|
||||
// process each setCooldown state update between ticks.
|
||||
for (let i = 0; i < 11; i++) {
|
||||
for (let i = 0; i < 61; i++) {
|
||||
await act(async () => {
|
||||
vi.advanceTimersByTime(1_000);
|
||||
});
|
||||
|
||||
@@ -162,7 +162,7 @@ export function LoginPage({
|
||||
await useAuthStore.getState().sendCode(email);
|
||||
setStep("code");
|
||||
setCode("");
|
||||
setCooldown(10);
|
||||
setCooldown(60);
|
||||
} catch (err) {
|
||||
setError(
|
||||
err instanceof Error
|
||||
@@ -215,7 +215,7 @@ export function LoginPage({
|
||||
setError("");
|
||||
try {
|
||||
await useAuthStore.getState().sendCode(email);
|
||||
setCooldown(10);
|
||||
setCooldown(60);
|
||||
} catch (err) {
|
||||
setError(
|
||||
err instanceof Error ? err.message : "Failed to resend code",
|
||||
|
||||
@@ -110,9 +110,9 @@ func (h *Handler) SendCode(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// Rate limit: max 1 code per 10 seconds per email
|
||||
// Rate limit: max 1 code per 60 seconds per email
|
||||
latest, err := h.Queries.GetLatestCodeByEmail(r.Context(), email)
|
||||
if err == nil && time.Since(latest.CreatedAt.Time) < 10*time.Second {
|
||||
if err == nil && time.Since(latest.CreatedAt.Time) < 60*time.Second {
|
||||
writeError(w, http.StatusTooManyRequests, "please wait before requesting another code")
|
||||
return
|
||||
}
|
||||
|
||||
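Review bot: The rate-limit check fails open: the new condition `err == nil && time.Since(latest.CreatedAt.Time) < 60*time.Second` treats every error from `GetLatestCodeByEmail` the same as "no previous code", so a transient database failure lets a caller request codes without any cooldown. If the query reports the no-row case as `sql.ErrNoRows` (this depends on the generated query and should be verified), only that error should fall through; any other error should abort the request before a code is issued. The window is also duplicated between the comment and the condition; a `const codeResendCooldown = 60 * time.Second` used in the condition keeps the comment from drifting. The enclosing `SendCode` handler starts and ends outside this hunk, and the `errors`/`database/sql` imports may need adding if the file does not already have them.
```go
latest, err := h.Queries.GetLatestCodeByEmail(r.Context(), email)
if err != nil && !errors.Is(err, sql.ErrNoRows) {
	// Do not issue a code when the cooldown state is unknown (fail closed).
	writeError(w, http.StatusInternalServerError, "could not check code rate limit")
	return
}
if err == nil && time.Since(latest.CreatedAt.Time) < codeResendCooldown {
	// … unchanged: 429 response and return …
```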