From 212cbf2828d8f56331a7c7fa1089c9cd21bb24c6 Mon Sep 17 00:00:00 2001
From: Edward Ly
Date: Wed, 25 Mar 2026 09:11:15 -0700
Subject: [PATCH] fix: add rate limiting to account details update operation

Currently, the default rate for this is approximately once every minute, which should be sufficient enough for our needs.

Signed-off-by: Edward Ly
---
 nextcloudappstore/user/views.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloudappstore/user/views.py b/nextcloudappstore/user/views.py
index e6a90c5d7e2..edfd9045a1a 100644
--- a/nextcloudappstore/user/views.py
+++ b/nextcloudappstore/user/views.py
@@ -5,6 +5,7 @@
 from allauth.account.models import EmailAddress
 from allauth.account.views import PasswordChangeView
+from allauth.decorators import rate_limit
 from django.contrib import messages
 from django.contrib.auth import logout
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -100,6 +101,7 @@ def post(self, request, *args, **kwargs):
 @method_decorator(never_cache, name="dispatch")
+@method_decorator(rate_limit(action="reset_password"), name="dispatch")
 class AccountView(LoginRequiredMixin, UpdateView):
 """Display and allow changing of the user's name and subscription."""
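Review bot: The new decorator on `AccountView` borrows the `reset_password` action, so the profile-update limit is whatever `ACCOUNT_RATE_LIMITS` holds for password-reset requests. Since allauth appears to key its counters by action name, the two flows probably share one bucket, so saving account details could use up a user's password-reset allowance, and retuning either limit changes both. That limit is meant for an anonymous flow and is, as far as I recall, keyed by IP and e-mail rather than by the logged-in user, so please confirm the "approximately once every minute" in the description against the effective setting. I would use a dedicated action with its own settings entry, e.g. `@method_decorator(rate_limit(action="update_account"), name="dispatch")` (name constructed here); an action with no entry in `ACCOUNT_RATE_LIMITS` is most likely not limited at all. A short comment above the decorator should name the setting that controls the rate and say whether wrapping `dispatch` is also meant to count GET renders of the form; the class body continues outside the hunk.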