Add missing rate limits (#1065)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
This commit is contained in:
parent
9cf2f44166
commit
faf67ff338
|
@ -22,12 +22,14 @@ def forgot_password():
|
|||
form = ForgotPasswordForm(request.form)
|
||||
|
||||
if form.validate_on_submit():
|
||||
# Trigger rate limiter
|
||||
g.deduct_limit = True
|
||||
|
||||
email = sanitize_email(form.email.data)
|
||||
flash(
|
||||
"If your email is correct, you are going to receive an email to reset your password",
|
||||
"success",
|
||||
)
|
||||
|
||||
user = User.get_by(email=email)
|
||||
|
||||
if user:
|
||||
|
@ -35,7 +37,4 @@ def forgot_password():
|
|||
send_reset_password_email(user)
|
||||
return redirect(url_for("auth.forgot_password"))
|
||||
|
||||
# Trigger rate limiter
|
||||
g.deduct_limit = True
|
||||
|
||||
return render_template("auth/forgot_password.html", form=form)
|
||||
|
|
|
@ -12,6 +12,7 @@ from app.config import (
|
|||
COINBASE_API_KEY,
|
||||
)
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.extensions import limiter
|
||||
from app.log import LOG
|
||||
from app.models import (
|
||||
AppleSubscription,
|
||||
|
@ -69,6 +70,7 @@ def subscription_success():
|
|||
|
||||
@dashboard_bp.route("/coinbase_checkout")
|
||||
@login_required
|
||||
@limiter.limit("5/minute")
|
||||
def coinbase_checkout_route():
|
||||
client = Client(api_key=COINBASE_API_KEY)
|
||||
charge = client.charge.create(
|
||||
|
|
Loading…
Reference in New Issue