Add missing rate limits (#1065)

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-08 17:36:03 +02:00 · 2022-06-08 17:36:03 +02:00 · faf67ff338
parent 9cf2f44166
commit faf67ff338
2 changed files with 5 additions and 4 deletions
--- a/app/auth/views/forgot_password.py
+++ b/app/auth/views/forgot_password.py
@ -22,12 +22,14 @@ def forgot_password():
    form = ForgotPasswordForm(request.form)

    if form.validate_on_submit():
+        # Trigger rate limiter
+        g.deduct_limit = True
+
        email = sanitize_email(form.email.data)
        flash(
            "If your email is correct, you are going to receive an email to reset your password",
            "success",
        )
-
        user = User.get_by(email=email)

        if user:
@ -35,7 +37,4 @@ def forgot_password():
            send_reset_password_email(user)
            return redirect(url_for("auth.forgot_password"))

-        # Trigger rate limiter
-        g.deduct_limit = True
-
    return render_template("auth/forgot_password.html", form=form)
--- a/app/dashboard/views/pricing.py
+++ b/app/dashboard/views/pricing.py
@ -12,6 +12,7 @@ from app.config import (
    COINBASE_API_KEY,
 )
 from app.dashboard.base import dashboard_bp
+from app.extensions import limiter
 from app.log import LOG
 from app.models import (
    AppleSubscription,
@ -69,6 +70,7 @@ def subscription_success():

@dashboard_bp.route("/coinbase_checkout")
@login_required
+@limiter.limit("5/minute")
 def coinbase_checkout_route():
    client = Client(api_key=COINBASE_API_KEY)
    charge = client.charge.create(