users: add 1 password reset per hour rate limit.

2022-05-01 01:11:14 -05:00
parent f434abc59a
commit 4542f38023
1 changed files with 2 additions and 0 deletions
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -3,6 +3,8 @@
 class PasswordResetsController < ApplicationController
  respond_to :html, :xml, :json

+  rate_limit :create, rate: 1.0/1.hour, burst: 3
+
  def create
    @user = User.find_by_name(params.dig(:user, :name))