From d6df5e0ea05edf8ba9d94a3fbb5477fe10cf645c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
Date: Tue, 29 Mar 2022 18:14:13 +0200
Subject: [PATCH 1/2] Add limiters to auth routes
---
 app/api/views/auth.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index 1adc2131..f47d8cde 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -168,6 +168,7 @@ def auth_activate():
 @api_bp.route("/auth/reactivate", methods=["POST"])
+@limiter.limit('10/minute')
 def auth_reactivate():
 """
 User asks for another activation code
@@ -209,6 +210,7 @@ def auth_reactivate():
 @api_bp.route("/auth/facebook", methods=["POST"])
+@limiter.limit('10/minute')
 def auth_facebook():
 """
 Authenticate user with Facebook
@@ -259,6 +261,7 @@ def auth_facebook():
 @api_bp.route("/auth/google", methods=["POST"])
+@limiter.limit('10/minute')
 def auth_google():
 """
 Authenticate user with Google
@@ -335,6 +338,7 @@ def auth_payload(user, device) -> dict:
 @api_bp.route("/auth/forgot_password", methods=["POST"])
+@limiter.limit('10/minute')
 def forgot_password():
 """
 User forgot password
From c5b0f5304e01a50a42d9f2276915eba53fc751f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
Date: Tue, 29 Mar 2022 18:18:11 +0200
Subject: [PATCH 2/2] Format
---
 app/api/views/auth.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index f47d8cde..5508c9f0 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -168,7 +168,7 @@ def auth_activate():
 @api_bp.route("/auth/reactivate", methods=["POST"])
-@limiter.limit('10/minute')
+@limiter.limit("10/minute")
 def auth_reactivate():
 """
 User asks for another activation code
@@ -210,7 +210,7 @@ def auth_reactivate():
 @api_bp.route("/auth/facebook", methods=["POST"])
-@limiter.limit('10/minute')
+@limiter.limit("10/minute")
 def auth_facebook():
 """
 Authenticate user with Facebook
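Review bot: The `10/minute` limit added on `auth_reactivate` in patch 1/2 (and on `forgot_password` in its fourth hunk) counts requests per limiter key, not per target address, so on its own it does not bound how many activation or reset mails a single mailbox can be sent when requests arrive from several clients. The key function is configured outside this diff; if it is the remote address, confirm it resolves the real client IP behind any reverse proxy, otherwise every user behind the proxy shares one bucket and legitimate sign-ins get throttled together. A per-email cooldown inside these two handlers would complement the decorator. Both function bodies continue outside their hunks, so an existing cooldown there cannot be ruled out from this view.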
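Review bot: The literal `'10/minute'` on `auth_facebook` is repeated verbatim on `auth_google`, `auth_reactivate` and `forgot_password` in the same patch, so a later policy change means editing four decorators and risks leaving one behind. A module-level constant would keep them in step, for example `AUTH_RATE_LIMIT = "10/minute"` applied as `@limiter.limit(AUTH_RATE_LIMIT)`. If the route docstrings list response codes (their bodies are outside the hunks), they should presumably also mention the rate-limited response, e.g. `429: too many requests`, so API clients know to back off.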
@@ -261,7 +261,7 @@ def auth_facebook():
 @api_bp.route("/auth/google", methods=["POST"])
-@limiter.limit('10/minute')
+@limiter.limit("10/minute")
 def auth_google():
 """
 Authenticate user with Google
@@ -338,7 +338,7 @@ def auth_payload(user, device) -> dict:
 @api_bp.route("/auth/forgot_password", methods=["POST"])
-@limiter.limit('10/minute')
+@limiter.limit("10/minute")
 def forgot_password():
 """
 User forgot password