From 17a936c3e0994d84101fcaad018583934617d1b1 Mon Sep 17 00:00:00 2001
From: Andris Reinman
Date: Wed, 12 Apr 2017 12:56:13 +0300
Subject: [PATCH] removed login rate limiting for now
---
 imap.js | 46 ++++++++++++----------------------------------
 package.json | 1 -
 2 files changed, 12 insertions(+), 35 deletions(-)
diff --git a/imap.js b/imap.js
index 49cad67c..92047e70 100644
--- a/imap.js
+++ b/imap.js
@@ -12,7 +12,6 @@ const ObjectID = require('mongodb').ObjectID;
 const Indexer = require('./imap-core/lib/indexer/indexer');
 const imapTools = require('./imap-core/lib/imap-tools');
 const fs = require('fs');
-const rateLimiter = require('rolling-rate-limiter');
 const setupIndexes = require('./indexes.json');
 const MessageHandler = require('./lib/message-handler');
 const db = require('./lib/db');
@@ -66,40 +65,27 @@ let messageHandler;
 server.onAuth = function (login, session, callback) {
 let username = (login.username || '').toString().trim();
- // rate limit authentication attempts per username/source IP
- server.loginLimiter(username + ':' + session.remoteAddress, (err, timeLeft) => {
+ db.database.collection('users').findOne({
+ username
+ }, (err, user) => {
 if (err) {
 return callback(err);
 }
- if (timeLeft) {
- let err = new Error('Too many logins, try again later');
- err.response = 'NO';
- return callback(err);
+ if (!user) {
+ return callback();
 }
- db.database.collection('users').findOne({
- username
- }, (err, user) => {
- if (err) {
- return callback(err);
- }
- if (!user) {
- return callback();
- }
+ if (!bcrypt.compareSync(login.password, user.password)) {
+ return callback();
+ }
- if (!bcrypt.compareSync(login.password, user.password)) {
- return callback();
+ callback(null, {
+ user: {
+ id: user._id,
+ username
 }
-
- callback(null, {
- user: {
- id: user._id,
- username
- }
- });
 });
 });
-
 };
 // LIST "" "*"
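Review bot: With the limiter call gone, nothing visible in `server.onAuth` bounds repeated password guesses, and every attempt against an existing user still runs `bcrypt.compareSync` on the event loop, so a burst of logins stalls all other IMAP sessions for the length of each hash. If throttling stays off for now, the callback form `bcrypt.compare` would keep the process responsive, and a comment such as `// TODO: login attempts are not rate limited; restore a per username/IP limiter` above the `findOne` call would record the gap. The `!user` branch returns without hashing, so response time differs between unknown and known usernames; that predates this commit but is easier to observe without the limiter. This assumes the `bcrypt` module in use offers an async `compare`, since its require is outside the hunk.

```javascript
    }, (err, user) => {
        // … unchanged: err and !user checks …
        bcrypt.compare(login.password, user.password, (err, matches) => {
            if (err) {
                return callback(err);
            }
            if (!matches) {
                return callback();
            }
            // … unchanged: callback(null, { user: { id: user._id, username } }) …
        });
```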
@@ -1592,14 +1578,6 @@ module.exports = done => {
 database: db.database
 });
- server.loginLimiter = rateLimiter({
- redis: db.redis,
- namespace: 'UserLoginLimiter',
- // allow 100 login attempts per minute
- interval: 60 * 1000,
- maxInInterval: 100
- });
-
 let started = false;
 server.on('error', err => {
diff --git a/package.json b/package.json
index 1f84151e..15f5241b 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,6 @@
 "redfour": "^1.0.0",
 "redis": "^2.7.1",
 "restify": "^4.3.0",
- "rolling-rate-limiter": "^0.1.5",
 "smtp-server": "^3.0.1",
 "toml": "^2.3.2",
 "utf7": "^1.0.2",