From 64bc454721f09b089be821c4320e145fc2f2c9e8 Mon Sep 17 00:00:00 2001 From: Steven Date: Sat, 2 Sep 2023 23:03:07 +0000 Subject: [PATCH] Fix create phone session abuse key The abuse key should use param-phone from the request params instead of email. --- app/controllers/api/account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index e211c123ee..8e0d0a2f89 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php @@ -976,7 +976,7 @@ App::post('/v1/account/sessions/phone') ->label('sdk.response.type', Response::CONTENT_TYPE_JSON) ->label('sdk.response.model', Response::MODEL_TOKEN) ->label('abuse-limit', 10) - ->label('abuse-key', 'url:{url},email:{param-email}') + ->label('abuse-key', 'url:{url},phone:{param-phone}') ->param('userId', '', new CustomId(), 'Unique Id. Choose your own unique ID or pass the string `ID.unique()` to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.') ->param('phone', '', new Phone(), 'Phone number. Format this number with a leading \'+\' and a country code, e.g., +16175551212.') ->inject('request')