From b6c47c0e3214878d42980d5c9535df52b3984b3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
 <netroy@users.noreply.github.com>
Date: Thu, 8 Aug 2024 15:01:07 +0200
Subject: [PATCH] fix(core): Rate limit MFA activation and verification
 endpoints (#10330)

---
 packages/cli/src/controllers/mfa.controller.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/cli/src/controllers/mfa.controller.ts b/packages/cli/src/controllers/mfa.controller.ts
index 3c58b944d57d0..4d3c6c0d9f50c 100644
--- a/packages/cli/src/controllers/mfa.controller.ts
+++ b/packages/cli/src/controllers/mfa.controller.ts
@@ -47,7 +47,7 @@ export class MFAController {
 		};
 	}
 
-	@Post('/enable')
+	@Post('/enable', { rateLimit: true })
 	async activateMFA(req: MFA.Activate) {
 		const { token = null } = req.body;
 		const { id, mfaEnabled } = req.user;
@@ -78,7 +78,7 @@ export class MFAController {
 		await this.mfaService.disableMfa(id);
 	}
 
-	@Post('/verify')
+	@Post('/verify', { rateLimit: true })
 	async verifyMFA(req: MFA.Verify) {
 		const { id } = req.user;
 		const { token } = req.body;