added additional rate limiting to password reset

TandoorRecipes · Feb 13, 2024 · 1b2c4a3 · 1b2c4a3
1 parent 9232465
commit 1b2c4a3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/recipes/settings.py b/recipes/settings.py
@@ -556,4 +556,13 @@
 ACCOUNT_EMAIL_SUBJECT_PREFIX = os.getenv(
     'ACCOUNT_EMAIL_SUBJECT_PREFIX', '[Tandoor Recipes] ')  # allauth sender prefix
 
+ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS = False
+ACCOUNT_RATE_LIMITS = {
+    "change_password": "1/m/user",
+    "reset_password": "1/m/ip,1/m/key",
+    "reset_password_from_key": "1/m/ip",
+    "signup": "5/m/ip",
+    "login": "5/m/ip",
+}
+
 mimetypes.add_type("text/javascript", ".js", True)
diff --git a/requirements.txt b/requirements.txt
@@ -29,7 +29,7 @@ microdata==0.8.0
 Jinja2==3.1.3
 django-webpack-loader==1.8.1
 git+https://github.com/BITSOLVER/django-js-reverse@071e304fd600107bc64bbde6f2491f1fe049ec82
-django-allauth==0.58.1
+django-allauth==0.61.1
 recipe-scrapers==14.52.0
 django-scopes==2.0.0
 pytest==7.4.3