Merge pull request #18538 from mozilla/FXA-11272

dschom · web-flow · commit 3d56ce50ff5b · 2025-03-12T09:50:40.000-07:00
task(customs): Update rules for consistency
diff --git a/libs/accounts/recovery-phone/src/lib/recovery-phone.manager.ts b/libs/accounts/recovery-phone/src/lib/recovery-phone.manager.ts
@@ -22,7 +22,7 @@ import {
 import { Redis } from 'ioredis';
 import { PhoneNumberInstance } from 'twilio/lib/rest/lookups/v2/phoneNumber';
 
-const RECORD_EXPIRATION_SECONDS = 10 * 60;
+const RECORD_EXPIRATION_SECONDS = 5 * 60;
 
 /**
  *
diff --git a/packages/fxa-customs-server/lib/config/config.js b/packages/fxa-customs-server/lib/config/config.js
@@ -195,7 +195,7 @@ module.exports = function (fs, path, url, convict) {
         },
         passwordResetOtpRateLimitIntervalSeconds: {
           doc: 'Number of seconds to wait until password reset OTP requests are allowed again',
-          default: 1800,
+          default: 15 * 60,
           format: 'nat',
           env: 'PASSWORD_RESET_OTP_EMAIL_RATE_LIMIT_SECONDS',
         },
@@ -431,7 +431,7 @@ module.exports = function (fs, path, url, convict) {
           max: {
             doc: 'max actions during `period` that can occur before rate limit is applied',
             format: 'nat',
-            default: 2,
+            default: 5,
             env: 'TOTP_CODE_RULE_MAX',
           },
           periodMs: {
@@ -443,7 +443,7 @@ module.exports = function (fs, path, url, convict) {
           rateLimitIntervalMs: {
             doc: 'how long rate limit is applied',
             format: 'duration',
-            default: '30 seconds',
+            default: '15 minutes',
             env: 'TOTP_CODE_RULE_LIMIT_INTERVAL_MS',
           },
         },
@@ -458,13 +458,13 @@ module.exports = function (fs, path, url, convict) {
           max: {
             doc: 'max actions during `period` that can occur before rate limit is applied',
             format: 'nat',
-            default: 10,
+            default: 5,
             env: 'RECOVERY_PHONE_TOTP_CODE_RULE_MAX',
           },
           periodMs: {
             doc: 'period needed before rate limit is reset',
             format: 'duration',
-            default: '15 minutes',
+            default: '5 minutes',
             env: 'RECOVERY_PHONE_TOTP_CODE_RULE_PERIOD_MS',
           },
           rateLimitIntervalMs: {

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ import {`
`22`	`22`	`import { Redis } from 'ioredis';`
`23`	`23`	`import { PhoneNumberInstance } from 'twilio/lib/rest/lookups/v2/phoneNumber';`
`24`	`24`
`25`		`-const RECORD_EXPIRATION_SECONDS = 10 * 60;`
	`25`	`+const RECORD_EXPIRATION_SECONDS = 5 * 60;`
`26`	`26`
`27`	`27`	`/**`
`28`	`28`	`*`