Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prevent users to spam otp #26

Open
mssayari opened this issue Dec 6, 2021 · 0 comments
Open

prevent users to spam otp #26

mssayari opened this issue Dec 6, 2021 · 0 comments
Assignees
@erdemkeren
Labels
feat This issue is about a new feature good first issue Good for newcomers
Projects
V5

Comments

@mssayari
Copy link

mssayari commented Dec 6, 2021
edited
Loading

Hi,

I'm using this package for 2 weeks with SMS channel. I noticed that users are spamming by only refreshing otp protected routes.
I could prevent this by extending middleware and putting a simple condition with otp_last_sent timestamp in session and a simple timer in otp.create view to show that they can only request for new code after 1 minute.

I think you can implement this with dynamic time in config file in future releases.
@mssayari mssayari changed the title prevent user to spam otp prevent users to spam otp Dec 6, 2021
@erdemkeren erdemkeren added the good first issue Good for newcomers label Dec 24, 2021
@erdemkeren erdemkeren added this to To do in V5 via automation Dec 24, 2021
@erdemkeren erdemkeren added the feat This issue is about a new feature label Dec 24, 2021
@erdemkeren erdemkeren moved this from To do to In progress in V5 Dec 24, 2021
@erdemkeren erdemkeren self-assigned this Dec 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@erdemkeren erdemkeren

Labels
feat This issue is about a new feature good first issue Good for newcomers
Projects
V5
In progress
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erdemkeren @mssayari