From 71fd5e2241f81e0b3e89437e541fc6482aa8a246 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
 <acasajus@users.noreply.github.com>
Date: Thu, 6 Apr 2023 15:55:37 +0200
Subject: [PATCH] Reduce rate limit on password forgot route (#1683)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
---
 app/api/views/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index e8fb3616..79e019b1 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -357,7 +357,7 @@ def auth_payload(user, device) -> dict:
 
 
 @api_bp.route("/auth/forgot_password", methods=["POST"])
-@limiter.limit("10/minute")
+@limiter.limit("2/minute")
 def forgot_password():
     """
     User forgot password