
Add RateLimit to registrations (HyphaApp#3493)
A vulnerability was introduced with HyphaApp#3064 where registrations could be
created en masse using arbitrary email addresses. An attacker could use
this to make hypha auto generate mass emails to those recipients. Adding
a ratelimit to the registration should prevent that from being too
aggressive.

Co-authored-by: Frank Duncan <[email protected]>
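As an added illustration (not code from Hypha or from django-ratelimit), the following self-contained Python models what the limit in this commit does: a fixed-window counter keyed by source IP, using the same `'N/unit'` rate notation, wrapped around a simulated registration endpoint that sends one email per accepted POST. The class and function names, the sample addresses and the `block` flag are assumptions made for this example. It measures how much of the mass-email abuse described in the commit message survives when the limiter actually rejects over-limit requests versus when it only flags them, and shows the counter resetting at the window boundary.

```python
# Added example (not Hypha's or django-ratelimit's code): fixed-window,
# per-source-IP rate limiting around a simulated registration endpoint.
# RateLimiter, RegistrationEndpoint, FakeClock and all sample data are
# invented for the illustration.
import re
import time
from collections import defaultdict

_RATE_RE = re.compile(r"^(\d+)/(\d*)([smhd])$")
_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Parse a rate string such as '5/m' or '100/10s' into
    (max_requests, window_seconds)."""
    match = _RATE_RE.match(rate)
    if not match:
        raise ValueError(f"unrecognised rate: {rate!r}")
    count, multiplier, unit = match.groups()
    return int(count), int(multiplier or 1) * _UNIT_SECONDS[unit]


class FakeClock:
    """Deterministic clock so window boundaries can be tested offline."""

    def __init__(self, now):
        self.now = float(now)

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class RateLimiter:
    """Fixed-window counter keyed by (client key, window number). The window
    is int(now / period), so the counter resets at each period boundary."""

    def __init__(self, rate, clock=time.time):
        self.limit, self.period = parse_rate(rate)
        self.clock = clock
        self._hits = defaultdict(int)

    def hit(self, key):
        """Record one request for key; True if key is now over the limit."""
        bucket = (key, int(self.clock() // self.period))
        self._hits[bucket] += 1
        return self._hits[bucket] > self.limit


class RegistrationEndpoint:
    """Simulated POST /register: every accepted registration 'sends' one
    email to the submitted address, the behaviour being abused.
    block=True mirrors a decorator that rejects limited requests itself;
    block=False mirrors one that only flags the request and relies on the
    view to check the flag, which this view (like the hunk) does not do."""

    def __init__(self, rate, block=True, clock=time.time):
        self.limiter = RateLimiter(rate, clock)
        self.block = block
        self.sent_emails = []

    def post(self, remote_addr, email):
        if self.limiter.hit(remote_addr) and self.block:
            return 403
        self.sent_emails.append(email)
        return 200


def simulate_attack(rate, block, n_requests, attacker_ip="203.0.113.10"):
    """Constructed scenario: one source address submits n_requests
    registrations with distinct recipient addresses inside one window.
    Returns the number of emails the endpoint would have sent."""
    endpoint = RegistrationEndpoint(rate, block=block, clock=FakeClock(1_000_000))
    for i in range(n_requests):
        endpoint.post(attacker_ip, f"victim{i}@example.com")
    return len(endpoint.sent_emails)


def window_rollover(rate="5/m", client_ip="198.51.100.7"):
    """Six posts inside one window, then one more after the boundary.
    Returns the list of status codes."""
    clock = FakeClock(1_000_000)
    endpoint = RegistrationEndpoint(rate, clock=clock)
    statuses = [endpoint.post(client_ip, f"user{i}@example.com") for i in range(6)]
    clock.advance(60)
    statuses.append(endpoint.post(client_ip, "[email protected]"))
    return statuses


if __name__ == "__main__":
    print("emails sent, 5/m, limiter blocks:", simulate_attack("5/m", True, 1000))
    print("emails sent, 5/m, limiter only flags:", simulate_attack("5/m", False, 1000))
    print("statuses across a window boundary:", window_rollover())
```

The key is whatever the caller passes as the client address. In a real deployment that is `REMOTE_ADDR`, so behind a reverse proxy that does not rewrite it every client shares one bucket, and an attacker spread across many source addresses is throttled only per address; the limiter bounds the rate of the abuse rather than eliminating it.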
frankduncan and Frank Duncan authored Jul 25, 2023
1 parent ebf805f commit 267be26
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions hypha/apply/users/views.py
@@ -49,6 +49,7 @@

User = get_user_model()

@method_decorator(ratelimit(key='ip', rate=settings.DEFAULT_RATE_LIMIT, method='POST'), name='dispatch')
class RegisterView(View):
form = CustomUserCreationForm()

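Review bot: confirm that the `ratelimit(...)` wrapper applied to `RegisterView.dispatch` in this hunk actually rejects over-limit requests rather than only marking them. Depending on the django-ratelimit version in use, the decorator either raises when `block=True` (the default in recent releases) or only sets `request.limited` and lets the view run; in the second case this one-line change sends exactly as many emails as before unless the view checks `request.limited`, which nothing in the hunk does. Passing `block=True` explicitly removes the ambiguity. Two things to verify outside the hunk, since the commit shows 1 addition and no import changes: `ratelimit`, `method_decorator` and `settings` must already be imported in this module, and `settings.DEFAULT_RATE_LIMIT` must be defined with a valid rate string. Also note that `key='ip'` keys on the request's remote address; behind a reverse proxy that does not rewrite it, every user shares one bucket and legitimate registrations are throttled as soon as the attacker is, while an attacker with many source addresses is throttled only per address, which matches the commit message's aim of preventing the abuse from being "too aggressive" rather than stopping it.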
