From 4542f380232755fa3f85fd2d0368d205d5e3bc83 Mon Sep 17 00:00:00 2001
From: evazion
Date: Sun, 1 May 2022 01:11:14 -0500
Subject: [PATCH] users: add 1 password reset per hour rate limit.
---
 app/controllers/password_resets_controller.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index 202c54930..a98c1c733 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -3,6 +3,8 @@ class PasswordResetsController < ApplicationController
 respond_to :html, :xml, :json
+ rate_limit :create, rate: 1.0/1.hour, burst: 3
+
 def create
 @user = User.find_by_name(params.dig(:user, :name))
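Review bot: The added `rate_limit :create, rate: 1.0/1.hour, burst: 3` line does not show what the limit is counted against, which matters for a password-reset endpoint: if the bucket is keyed only on the requesting client, it does not bound how many reset mails one account named in `params.dig(:user, :name)` can receive. The key is defined outside this hunk, so confirm it against the `rate_limit` helper; if it is per-client only, consider a second limit keyed on the target user. The subject line says one reset per hour, while `burst: 3` presumably allows three back-to-back requests before the hourly rate applies, so a comment above the line such as `# Up to 3 resets at once, then 1 per hour; counted per <key, confirm>.` would record the intent. The body of `create` continues past the end of the hunk.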