Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: Mention the reset_authentication_attempt_count command. 

The authenticate_by_username limit of 5 attempts per 30 minutes can get
annoying in some cases where the user really forgot their password and
should be allowed to keep trying with admin approvial - so we should
document the command that allows unblocking them.
This commit is contained in:
Mateusz Mandera 2022-12-15 20:47:35 +01:00 committed by Tim Abbott
parent f016ab4396
commit b6067b63b8
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/production/security-model.md
View File

@ -310,9 +310,14 @@ RATE_LIMITING_RULES` to verify your changes. You can then restart
across its exit nodes, without enabling this setting, TOR can otherwise be
used to avoid IP-based rate limiting. The updated list of TOR exit nodes
is refetched once an hour.
- If a user runs into the rate limit for login attempts, a server
administrator can clear this state using the
`manage.py reset_authentication_attempt_count`
[management command][management-commands].
See also our [API documentation on rate limiting][rate-limit-api].
[management-commands]: ../production/management-commands.md
[rate-limit-api]: https://zulip.com/api/rest-error-handling#rate-limit-exceeded
## Final notes and security response