Open asmecher opened 3 years ago
Since ReCAPTCHA is not available in China, can/should we do some basic rate limiting? If we log the reset request, we should be able to not send another reset request until the last one expires?
As mentioned on the Slack channel, we could use hCaptcha instead of reCaptcha.
Just wanted to add a +1 for rate limiting the password reset form.
+1
@asmecher Is this feature on the dev roadmap? If not, I will spend some time creating this as a package.
@henriqueramos, it hasn't yet been prioritized against a specific release, but I'd be happy to get a pull request reviewed!
The password reset form can generate unwanted emails if abused. Add ReCAPTCHA support to the password reset form.
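The rate limiting proposed in this thread (log each reset request and send no further one for that account until the last one expires), sketched as an added example that is not code from the project or from any participant. The names `ResetThrottle` and `handle_reset`, the limit values, the in-memory storage and the extra per-client cap are assumptions made for the illustration.

```python
import hashlib
import time
from collections import defaultdict, deque


class ResetThrottle:
    """One outstanding reset per account, plus a per-client sliding window."""

    def __init__(self, token_ttl=3600, per_client=5, window=900, clock=time.time):
        self.token_ttl = token_ttl        # seconds a reset link stays valid (assumed)
        self.per_client = per_client      # requests allowed per client per window (assumed)
        self.window = window              # sliding window length in seconds (assumed)
        self.clock = clock                # injectable so tests control time
        # In-memory for the example; a deployment would keep these in shared storage.
        self._expires = {}                # account key -> expiry of the last reset sent
        self._hits = defaultdict(deque)   # client address -> recent request times

    @staticmethod
    def _key(email):
        # Normalise so " A@x.org" and "a@x.org" share one limit, and hash so
        # the throttle log does not hold plain addresses.
        return hashlib.sha256(email.strip().lower().encode()).hexdigest()

    def should_send(self, email, client_addr):
        now = self.clock()
        hits = self._hits[client_addr]
        while hits and hits[0] <= now - self.window:
            hits.popleft()                # forget requests outside the window
        if len(hits) >= self.per_client:
            return False                  # this client is over its cap
        hits.append(now)                  # count the attempt even if suppressed below
        key = self._key(email)
        if self._expires.get(key, 0) > now:
            return False                  # the previous reset has not expired yet
        self._expires[key] = now + self.token_ttl
        return True


def handle_reset(throttle, email, client_addr, send_mail):
    # The response is identical whether or not a mail goes out, so the form
    # reveals neither throttling state nor whether the account exists.
    if throttle.should_send(email, client_addr):
        send_mail(email)
    return "If the address is registered, a reset link has been sent."
```

Setting `token_ttl` to the same lifetime as the reset link keeps the per-account limit aligned with "until the last one expires".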