Add missing rate limits (#1065)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
parent
9cf2f44166
commit
faf67ff338
|
@ -22,12 +22,14 @@ def forgot_password():
|
||||||
form = ForgotPasswordForm(request.form)
|
form = ForgotPasswordForm(request.form)
|
||||||
|
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
|
# Trigger rate limiter
|
||||||
|
g.deduct_limit = True
|
||||||
|
|
||||||
email = sanitize_email(form.email.data)
|
email = sanitize_email(form.email.data)
|
||||||
flash(
|
flash(
|
||||||
"If your email is correct, you are going to receive an email to reset your password",
|
"If your email is correct, you are going to receive an email to reset your password",
|
||||||
"success",
|
"success",
|
||||||
)
|
)
|
||||||
|
|
||||||
user = User.get_by(email=email)
|
user = User.get_by(email=email)
|
||||||
|
|
||||||
if user:
|
if user:
|
||||||
|
@ -35,7 +37,4 @@ def forgot_password():
|
||||||
send_reset_password_email(user)
|
send_reset_password_email(user)
|
||||||
return redirect(url_for("auth.forgot_password"))
|
return redirect(url_for("auth.forgot_password"))
|
||||||
|
|
||||||
# Trigger rate limiter
|
|
||||||
g.deduct_limit = True
|
|
||||||
|
|
||||||
return render_template("auth/forgot_password.html", form=form)
|
return render_template("auth/forgot_password.html", form=form)
|
||||||
|
|
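Review bot: With `g.deduct_limit = True` now set inside `if form.validate_on_submit():`, POSTs that fail validation and plain GETs no longer count toward the limit, and the comment `# Trigger rate limiter` does not say whether that is intended. I would spell it out, e.g. `# Count only validated submissions: each one may send a reset email`. The limiter decorator and its key function sit above the hunk, so it is not visible whether the limit is keyed per client address or per submitted email. If it is per address only, a per-target-email cap before `send_reset_password_email(user)` would also bound the reset mail sent to one mailbox from many clients. A test that submits the form repeatedly and expects the limit to trip would pin the new behaviour.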
|
@ -12,6 +12,7 @@ from app.config import (
|
||||||
COINBASE_API_KEY,
|
COINBASE_API_KEY,
|
||||||
)
|
)
|
||||||
from app.dashboard.base import dashboard_bp
|
from app.dashboard.base import dashboard_bp
|
||||||
|
from app.extensions import limiter
|
||||||
from app.log import LOG
|
from app.log import LOG
|
||||||
from app.models import (
|
from app.models import (
|
||||||
AppleSubscription,
|
AppleSubscription,
|
||||||
|
@ -69,6 +70,7 @@ def subscription_success():
|
||||||
|
|
||||||
@dashboard_bp.route("/coinbase_checkout")
|
@dashboard_bp.route("/coinbase_checkout")
|
||||||
@login_required
|
@login_required
|
||||||
|
@limiter.limit("5/minute")
|
||||||
def coinbase_checkout_route():
|
def coinbase_checkout_route():
|
||||||
client = Client(api_key=COINBASE_API_KEY)
|
client = Client(api_key=COINBASE_API_KEY)
|
||||||
charge = client.charge.create(
|
charge = client.charge.create(
|
||||||
|
|
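Review bot: `@limiter.limit("5/minute")` on `coinbase_checkout_route` relies on the limiter's default key, which is configured in `app.extensions` and not visible here. If that key is the client address, users behind one NAT share the budget and the limit does not follow the account. Because the route is already `@login_required`, keying on the account is the tighter choice, e.g. `@limiter.limit("5/minute", key_func=lambda: current_user.id)`, assuming `limiter` is Flask-Limiter and `current_user` is imported in this file. The function body continues past the hunk, so how a rejected request is presented to the user cannot be checked from here.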