From d0d34d308a9d752d372fb9249b00014b8fa7f9a1 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sat, 22 Apr 2017 08:12:54 +0200
Subject: [PATCH] Add at most 10 password reset requests per 5 minutes and IP range

Signed-off-by: Lukas Reschke
---
 core/Controller/LostController.php | 1 +
 core/js/lostpassword.js | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 8d26f2c194..27491b8823 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -206,6 +206,7 @@ class LostController extends Controller {
 /**
 * @PublicPage
 * @BruteForceProtection(action=passwordResetEmail)
+ * @AnonRateThrottle(limit=10, period=300)
 *
 * @param string $user
 * @return JSONResponse
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 6e18dcc1f8..4690b86f99 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -31,7 +31,9 @@ OC.Lostpassword = {
 user : $('#user').val()
 },
 OC.Lostpassword.sendLinkDone
- );
+ ).fail(function() {
+ OC.Lostpassword.sendLinkError(OC.Lostpassword.sendErrorMsg);
+ });
 }
 }
 },
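Review bot: The added `@AnonRateThrottle(limit=10, period=300)` line documents neither what the two numbers mean nor what the budget is keyed on. Going by the commit subject it is counted per client IP range, not per target `$user`, so on its own it does not bound how many reset mails one account can receive; whether the existing `@BruteForceProtection(action=passwordResetEmail)` or the method body covers that is not visible, since the method starts outside the hunk. Because the limit depends on the detected client address, an installation behind a reverse proxy whose forwarded-address handling is not configured would presumably put all visitors in one shared budget. I would add a docblock line such as `* Anonymous callers are limited to 10 requests per 300 seconds per IP range.` and mention the proxy dependency in the admin documentation.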
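Review bot: The new `.fail(function() { ... })` handler ignores the jqXHR argument and shows `OC.Lostpassword.sendErrorMsg` for every failure, so a throttled request (presumably an HTTP 429 from the new rate limit) looks the same to the user as a mail-delivery or network error, with no hint to wait and retry. Consider taking the argument and branching on the status, e.g. `.fail(function(xhr) {` with `xhr.status === 429` selecting a dedicated "too many requests" string, which would have to be added because none is visible in this hunk. Whatever text is used should stay independent of whether the account exists, as the current generic message is. The enclosing function begins and ends outside the hunk.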