Add missing rate limits (#1065)

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>

app/auth/views/forgot_password.py

@@ -22,12 +22,14 @@ def forgot_password():
     form = ForgotPasswordForm(request.form)
 
     if form.validate_on_submit():
+        # Trigger rate limiter
+        g.deduct_limit = True
+
         email = sanitize_email(form.email.data)
         flash(
             "If your email is correct, you are going to receive an email to reset your password",
             "success",
         )
-
         user = User.get_by(email=email)
 
         if user:
@@ -35,7 +37,4 @@ def forgot_password():
             send_reset_password_email(user)
             return redirect(url_for("auth.forgot_password"))
 
-        # Trigger rate limiter
-        g.deduct_limit = True
-
     return render_template("auth/forgot_password.html", form=form)

app/dashboard/views/pricing.py

@@ -12,6 +12,7 @@ from app.config import (
     COINBASE_API_KEY,
 )
 from app.dashboard.base import dashboard_bp
+from app.extensions import limiter
 from app.log import LOG
 from app.models import (
     AppleSubscription,
@@ -69,6 +70,7 @@ def subscription_success():
 
 @dashboard_bp.route("/coinbase_checkout")
 @login_required
+@limiter.limit("5/minute")
 def coinbase_checkout_route():
     client = Client(api_key=COINBASE_API_KEY)
     charge = client.charge.create(