IDTEAM-4740: use parallel_limiter to prevent auth_mfa abusing. (#2464)

* IDTEAM-4740: use parallel_limiter to prevent auth_mfa abusing.

* IDTEAM-4740: put back the regular rate limiter.
Bohdan Shtepan 2025-05-12 10:23:19 +02:00 committed by GitHub
parent 300500c0c6
commit 4aa126fe0f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -3,6 +3,7 @@ from flask import jsonify, request
from flask_login import login_user
from itsdangerous import Signer
from app import parallel_limiter
from app.api.base import api_bp
from app.config import FLASK_SECRET
from app.db import Session
@ -14,6 +15,7 @@ from app.models import User, ApiKey
@api_bp.route("/auth/mfa", methods=["POST"])
@limiter.limit("10/minute")
@parallel_limiter.lock(name="mfa_auth")
def auth_mfa():
"""
Validate the OTP Token
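Review bot: The added `@parallel_limiter.lock(name="mfa_auth")` on `auth_mfa` passes only a fixed name, and nothing in this section shows what else goes into the lock key. Because this endpoint is called before a session exists, the key presumably falls back to a per-caller value such as the client address; if so, concurrent OTP checks for the same account arriving from different addresses are not serialized, and `@limiter.limit("10/minute")` would not cap them per account either. Please confirm how the key is derived and record it above the decorators, for example `# lock: one in-flight OTP check per caller; limiter: caps attempts per minute`. The body of `auth_mfa` continues outside the hunk, so a per-account failed-attempt counter may already exist there and should be checked before adding one.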