From d6df5e0ea05edf8ba9d94a3fbb5477fe10cf645c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Tue, 29 Mar 2022 18:14:13 +0200
Subject: [PATCH] Add limiters to auth routes

---
 app/api/views/auth.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index 1adc2131..f47d8cde 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -168,6 +168,7 @@ def auth_activate():
 
 
 @api_bp.route("/auth/reactivate", methods=["POST"])
+@limiter.limit('10/minute')
 def auth_reactivate():
     """
     User asks for another activation code
@@ -209,6 +210,7 @@ def auth_reactivate():
 
 
 @api_bp.route("/auth/facebook", methods=["POST"])
+@limiter.limit('10/minute')
 def auth_facebook():
     """
     Authenticate user with Facebook
@@ -259,6 +261,7 @@ def auth_facebook():
 
 
 @api_bp.route("/auth/google", methods=["POST"])
+@limiter.limit('10/minute')
 def auth_google():
     """
     Authenticate user with Google
@@ -335,6 +338,7 @@ def auth_payload(user, device) -> dict:
 
 
 @api_bp.route("/auth/forgot_password", methods=["POST"])
+@limiter.limit('10/minute')
 def forgot_password():
     """
     User forgot password