Commit 6c018f21 authored by Magdalena Frankiewicz's avatar Magdalena Frankiewicz

Remove rate_limit_username_exists_endpoint feature flag

Enforce max 20 calls per mintue per IP address on
internal API endpoint /users/:username/exists,
used by the registration to perform a client-side
validation for uniqueness of the chosen username

Changelog: added
parent cec77404
...@@ -24,7 +24,7 @@ class UsersController < ApplicationController ...@@ -24,7 +24,7 @@ class UsersController < ApplicationController
before_action :authorize_read_user_profile!, before_action :authorize_read_user_profile!,
only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following] only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following]
before_action only: [:exists] do before_action only: [:exists] do
check_rate_limit!(:username_exists, scope: request.ip) if Feature.enabled?(:rate_limit_username_exists_endpoint, default_enabled: :yaml) check_rate_limit!(:username_exists, scope: request.ip)
end end
feature_category :users feature_category :users
......
---
name: rate_limit_username_exists_endpoint
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77119
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/348974
milestone: '14.7'
type: development
group: group::optimize
default_enabled: false
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment