abuse limits on bulk apis

2025-07-03 09:02:48 -05:00 · 2017-10-09 16:58:37 -04:00
parent f8c5bc1c39
commit 255b5bbdb0
2 changed files with 25 additions and 0 deletions
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@ -347,6 +347,11 @@ namespace Bit.Api.Controllers
        [HttpPost("{id}/import")]
        public async Task Import(string id, [FromBody]ImportOrganizationUsersRequestModel model)
        {
+            if(model.Groups.Count() > 200 || model.Users.Count() > 1000)
+            {
+                throw new BadRequestException("You cannot import this much data at once.");
+            }
+
            var orgIdGuid = new Guid(id);
            if(!_currentContext.OrganizationAdmin(orgIdGuid))
            {