mirror of
https://github.com/simple-login/app.git
Implement rate limiting with send_email_with_rate_control.
parent
122a402c22
commit
6d736aa915
@ -14,9 +14,9 @@ from flask_wtf import FlaskForm
|
||||
from wtforms import BooleanField, StringField, validators
|
||||
|
||||
from app.auth.base import auth_bp
|
||||
from app.config import MFA_USER_ID, URL
|
||||
from app.config import MFA_USER_ID, URL, ALERT_INVALID_TOTP_LOGIN
|
||||
from app.db import Session
|
||||
from app.email_utils import send_email, render
|
||||
from app.email_utils import send_email_with_rate_control, render
|
||||
from app.extensions import limiter
|
||||
from app.models import User, MfaBrowser
|
||||
|
||||
@ -92,11 +92,14 @@ def mfa():
|
||||
return response
|
||||
|
||||
else:
|
||||
send_email(
|
||||
send_email_with_rate_control(
|
||||
user,
|
||||
ALERT_INVALID_TOTP_LOGIN,
|
||||
user.email,
|
||||
"There was an unsuccessful login on your SimpleLogin account",
|
||||
render("transactional/invalid-totp-login.txt"),
|
||||
render("transactional/invalid-totp-login.html"),
|
||||
1,
|
||||
)
|
||||
flash("Incorrect token", "warning")
|
||||
# Trigger rate limiter
|
||||
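Review bot: The trailing positional `1` in the new `send_email_with_rate_control(...)` call is a magic number whose meaning cannot be read at the call site. If it is the per-window alert cap, pass it by keyword (presumably `max_nb_alert=1`; confirm against the helper's signature in `app.email_utils`) so the limit on this security alert is explicit. The call's result is discarded, so once the cap is reached further wrong-TOTP attempts in the same window send the account owner no notification. Unless the helper already logs suppressed alerts (not visible here), add a warning-level log line in this `else` branch that records the user id, so repeated failures stay visible to monitoring. The body of `mfa()` starts and continues outside this hunk, so the interaction with the limiter referenced by `# Trigger rate limiter` could not be checked.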
|
@ -321,6 +321,8 @@ ALERT_FROM_ADDRESS_IS_REVERSE_ALIAS = "from_address_is_reverse_alias"
|
||||
|
||||
ALERT_SPF = "spf"
|
||||
|
||||
ALERT_INVALID_TOTP_LOGIN = "invalid_totp_login"
|
||||
|
||||
# when a mailbox is also an alias
|
||||
# happens when user adds a mailbox with their domain
|
||||
# then later adds this domain into SimpleLogin
|
||||
|