Skip to content

Commit

Permalink
Add throttles
Browse files Browse the repository at this point in the history
  • Loading branch information
@eliasbiagioninc
eliasbiagioninc committed Aug 30, 2024
1 parent 96d5e74 commit 1195d6e
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
11 changes: 11 additions & 0 deletions {{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/throttles.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
from rest_framework.throttling import AnonRateThrottle


class ResetPasswordRequestLimit(AnonRateThrottle):
rate = "5/hour"
scope = "reset_password_request_code"


class ResetPasswordConfirmLimit(AnonRateThrottle):
rate = "5/hour"
scope = "reset_password_confirm"
5 changes: 4 additions & 1 deletion {{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
from django.shortcuts import render
from django.template import TemplateDoesNotExist
from rest_framework import generics, mixins, permissions, status, views, viewsets
from rest_framework.decorators import api_view, permission_classes
from rest_framework.decorators import api_view, permission_classes, throttle_classes
from rest_framework.exceptions import ValidationError
from rest_framework.response import Response

Expand All @@ -25,6 +25,7 @@
UserRegistrationSerializer,
UserSerializer,
)
from .throttles import ResetPasswordConfirmLimit, ResetPasswordRequestLimit

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -93,6 +94,7 @@ def update(self, request, *args, **kwargs):

@api_view(["post"])
@permission_classes([permissions.AllowAny])
@throttle_classes([ResetPasswordRequestLimit])
def request_reset_code(request, *args, **kwargs):
email = request.data.get("email")
user = User.objects.filter(email=email).first()
Expand All @@ -105,6 +107,7 @@ def request_reset_code(request, *args, **kwargs):

@api_view(["post"])
@permission_classes([permissions.AllowAny])
@throttle_classes([ResetPasswordConfirmLimit])
def reset_password(request, *args, **kwargs):
email = kwargs.get("email")
user = User.objects.filter(email=email).first()
Expand Down

0 comments on commit 1195d6e

Please sign in to comment.