mirror of
https://github.com/simple-login/app.git
synced 2024-09-20 23:16:00 +08:00
Implement rate limiting with send_email_with_rate_control.
parent
122a402c22
commit
6d736aa915
|
@ -14,9 +14,9 @@ from flask_wtf import FlaskForm
|
||||||
from wtforms import BooleanField, StringField, validators
|
from wtforms import BooleanField, StringField, validators
|
||||||
|
|
||||||
from app.auth.base import auth_bp
|
from app.auth.base import auth_bp
|
||||||
from app.config import MFA_USER_ID, URL
|
from app.config import MFA_USER_ID, URL, ALERT_INVALID_TOTP_LOGIN
|
||||||
from app.db import Session
|
from app.db import Session
|
||||||
from app.email_utils import send_email, render
|
from app.email_utils import send_email_with_rate_control, render
|
||||||
from app.extensions import limiter
|
from app.extensions import limiter
|
||||||
from app.models import User, MfaBrowser
|
from app.models import User, MfaBrowser
|
||||||
|
|
||||||
|
@ -92,11 +92,14 @@ def mfa():
|
||||||
return response
|
return response
|
||||||
|
|
||||||
else:
|
else:
|
||||||
send_email(
|
send_email_with_rate_control(
|
||||||
|
user,
|
||||||
|
ALERT_INVALID_TOTP_LOGIN,
|
||||||
user.email,
|
user.email,
|
||||||
"There was an unsuccessful login on your SimpleLogin account",
|
"There was an unsuccessful login on your SimpleLogin account",
|
||||||
render("transactional/invalid-totp-login.txt"),
|
render("transactional/invalid-totp-login.txt"),
|
||||||
render("transactional/invalid-totp-login.html"),
|
render("transactional/invalid-totp-login.html"),
|
||||||
|
1,
|
||||||
)
|
)
|
||||||
flash("Incorrect token", "warning")
|
flash("Incorrect token", "warning")
|
||||||
# Trigger rate limiter
|
# Trigger rate limiter
|
||||||
|
|
|
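Review bot: The trailing positional `1` in the new `send_email_with_rate_control(...)` call in the `else:` branch of `mfa()` is an unexplained magic number. It presumably caps how many `ALERT_INVALID_TOTP_LOGIN` e-mails a user can receive per rate-control window, so pass it by keyword or add a comment such as `# at most one invalid-TOTP alert e-mail per rate-control window`. Once that cap is reached, further wrong tokens send no e-mail, and the hunk shows no log call on this path, so repeated failed TOTP attempts would be visible only through the flash message and whatever the limiter records. Consider logging every failed attempt with the user id before the alert call, so detection does not depend on the e-mail being sent. The body of `mfa()` starts before and continues after this hunk, so an existing log call outside the visible lines cannot be ruled out.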
@ -321,6 +321,8 @@ ALERT_FROM_ADDRESS_IS_REVERSE_ALIAS = "from_address_is_reverse_alias"
|
||||||
|
|
||||||
ALERT_SPF = "spf"
|
ALERT_SPF = "spf"
|
||||||
|
|
||||||
|
ALERT_INVALID_TOTP_LOGIN = "invalid_totp_login"
|
||||||
|
|
||||||
# when a mailbox is also an alias
|
# when a mailbox is also an alias
|
||||||
# happens when user adds a mailbox with their domain
|
# happens when user adds a mailbox with their domain
|
||||||
# then later adds this domain into SimpleLogin
|
# then later adds this domain into SimpleLogin
|
||||||
|
|