From bd044304f0e16a2b3039c6dad1e88f1340154d2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
 <acasajus@users.noreply.github.com>
Date: Tue, 26 Jul 2022 14:57:26 +0200
Subject: [PATCH] Added rate limit to resend activation email (#1192)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
---
 app/auth/views/resend_activation.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/auth/views/resend_activation.py b/app/auth/views/resend_activation.py
index 1585384e..517006af 100644
--- a/app/auth/views/resend_activation.py
+++ b/app/auth/views/resend_activation.py
@@ -4,6 +4,7 @@ from wtforms import StringField, validators
 
 from app.auth.base import auth_bp
 from app.auth.views.register import send_activation_email
+from app.extensions import limiter
 from app.log import LOG
 from app.models import User
 from app.utils import sanitize_email
@@ -14,6 +15,7 @@ class ResendActivationForm(FlaskForm):
 
 
 @auth_bp.route("/resend_activation", methods=["GET", "POST"])
+@limiter.limit("10/hour")
 def resend_activation():
     form = ResendActivationForm(request.form)