Merge branch 'ah/adjusted-limits' into staging

system76 · Aug 31, 2023 · 7eddafb · 7eddafb
2 parents c122a84 + 4d9b2a1
commit 7eddafb
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/lib/recognizer_web/controllers/accounts/user_two_factor_controller.ex b/lib/recognizer_web/controllers/accounts/user_two_factor_controller.ex
@@ -7,6 +7,7 @@ defmodule RecognizerWeb.Accounts.UserTwoFactorController do
   alias RecognizerWeb.Authentication
 
   @one_minute 60_000
+  @one_day 86_400_000
 
   plug :verify_user_id
 
@@ -17,6 +18,13 @@ defmodule RecognizerWeb.Accounts.UserTwoFactorController do
        ]
        when action in [:resend]
 
+  plug Hammer.Plug,
+       [
+         rate_limit: {"user:two_factor", @one_day, 10},
+         by: {:session, :two_factor_user_id}
+       ]
+       when action in [:resend]
+
   def new(conn, _params) do
     current_user_id = get_session(conn, :two_factor_user_id)
     current_user = Accounts.get_user!(current_user_id)