From faf67ff338981d6184ca456acd0eadfdc3178eea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
Date: Wed, 8 Jun 2022 17:36:03 +0200
Subject: [PATCH] Add missing rate limits (#1065)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Adrià Casajús
---
 app/auth/views/forgot_password.py | 7 +++----
 app/dashboard/views/pricing.py | 2 ++
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/app/auth/views/forgot_password.py b/app/auth/views/forgot_password.py
index c31efe70..85ba5edb 100644
--- a/app/auth/views/forgot_password.py
+++ b/app/auth/views/forgot_password.py
@@ -22,12 +22,14 @@ def forgot_password():
     form = ForgotPasswordForm(request.form)
     if form.validate_on_submit():
+        # Trigger rate limiter
+        g.deduct_limit = True
+
         email = sanitize_email(form.email.data)
         flash(
             "If your email is correct, you are going to receive an email to reset your password",
             "success",
         )
-
         user = User.get_by(email=email)
         if user:
@@ -35,7 +37,4 @@ def forgot_password():
             send_reset_password_email(user)
         return redirect(url_for("auth.forgot_password"))
-    # Trigger rate limiter
-    g.deduct_limit = True
-
     return render_template("auth/forgot_password.html", form=form)
diff --git a/app/dashboard/views/pricing.py b/app/dashboard/views/pricing.py
index a553d1d8..a316ec3e 100644
--- a/app/dashboard/views/pricing.py
+++ b/app/dashboard/views/pricing.py
@@ -12,6 +12,7 @@ from app.config import (
     COINBASE_API_KEY,
 )
 from app.dashboard.base import dashboard_bp
+from app.extensions import limiter
 from app.log import LOG
 from app.models import (
     AppleSubscription,
@@ -69,6 +70,7 @@ def subscription_success():
 @dashboard_bp.route("/coinbase_checkout")
 @login_required
+@limiter.limit("5/minute")
 def coinbase_checkout_route():
     client = Client(api_key=COINBASE_API_KEY)
     charge = client.charge.create(
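Review bot: The added comment `# Trigger rate limiter` in forgot_password does not say what consumes the flag or that the deduction is now deliberately restricted to submissions that pass validation; the decorator that reads `g.deduct_limit` is outside this hunk, and the lines removed in the second hunk show that GET requests and invalid submissions used to be the ones counted, so a maintainer seeing only this branch could reasonably move the assignment back out. I would replace the comment with `# Count this submission against the view's rate limit: the limiter decorator on this view reads g.deduct_limit once the request finishes; GET and invalid submissions are intentionally not counted.`, with the "once the request finishes" part confirmed against the decorator, since it is not in the diff. The body of forgot_password continues past the end of this hunk.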
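Review bot: `@limiter.limit("5/minute")` on coinbase_checkout_route inherits whatever key the `limiter` in app.extensions was built with, which this diff does not show; if that is the usual remote-address key, every account behind one NAT or proxy shares a single 5/minute budget for creating Coinbase charges, while a single account can still open a fresh charge every 12 seconds. Because the route already sits behind `@login_required`, keying the limit on the authenticated user matches the cost being protected (`client.charge.create` runs on every hit), e.g. `@limiter.limit("5/minute", key_func=...)` with a callable returning the current user's id — presuming `limiter` is a Flask-Limiter instance, whose `limit()` accepts `key_func`. Decorator order also matters here: placed below `@login_required`, the limit is evaluated only after the login check, so anonymous requests never consume it, and a one-line comment such as `# Limit applies after login_required: only authenticated users draw from this budget` would record that this ordering is intended. The body of coinbase_checkout_route continues outside the hunk.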