def create(self, request, *args, **kwargs):
email = request.data.get('email', None)
try:
user = self.get_queryset().get(email__iexact=email)
except:
user = None
if user:
# Allow only 5 requests per hour
limit = 5
now = timezone.now()
to_check = (now - relativedelta(hours=1)).replace(tzinfo=timezone.utc)
tokens = models.PasswordRecoveryToken.objects.filter(user=user, created_date__gte=to_check, channel__slug=request.channel)
if tokens.count() >= limit:
will_release = tokens.order_by('-created_date')[limit-1].created_date + relativedelta(hours=1)
seconds = abs((will_release - now).seconds)
return response.Response({'success': False, 'message': 'Five tokens generated last hour.', 'try_again_in': seconds}, status=status.HTTP_429_TOO_MANY_REQUESTS)
token = models.PasswordRecoveryToken.objects.create(user=user, object_channel=request.channel)
return response.Response({'success': True, 'message': 'Token requested successfully(if user exists).'})
password_recovery.py 文件源码
python
阅读 19
收藏 0
点赞 0
评论 0
评论列表
文章目录
