added additional rate limiting to password reset

2024-02-13 10:03:24 +01:00 · 2024-02-13 10:03:24 +01:00 · 1b2c4a3062
commit 1b2c4a3062
parent 9232465e21
2 changed files with 10 additions and 1 deletions
--- a/recipes/settings.py
+++ b/recipes/settings.py
@ -556,4 +556,13 @@ DEFAULT_FROM_EMAIL = os.getenv('DEFAULT_FROM_EMAIL', 'webmaster@localhost')
 ACCOUNT_EMAIL_SUBJECT_PREFIX = os.getenv(
    'ACCOUNT_EMAIL_SUBJECT_PREFIX', '[Tandoor Recipes] ')  # allauth sender prefix

+ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS = False
+ACCOUNT_RATE_LIMITS = {
+    "change_password": "1/m/user",
+    "reset_password": "1/m/ip,1/m/key",
+    "reset_password_from_key": "1/m/ip",
+    "signup": "5/m/ip",
+    "login": "5/m/ip",
+}
+
 mimetypes.add_type("text/javascript", ".js", True)
--- a/requirements.txt
+++ b/requirements.txt
@ -29,7 +29,7 @@ microdata==0.8.0
 Jinja2==3.1.3
 django-webpack-loader==1.8.1
 git+https://github.com/BITSOLVER/django-js-reverse@071e304fd600107bc64bbde6f2491f1fe049ec82
-django-allauth==0.58.1
+django-allauth==0.61.1
 recipe-scrapers==14.52.0
 django-scopes==2.0.0
 pytest==7.4.3