From d5feeb77d1dfaee76ae4843b8019d7dffff35807 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Mon, 22 Feb 2016 22:10:25 +0100
Subject: [PATCH] Fixed #5 -- Added a spam protection feature to password resets
---
 src/pretix/control/views/auth.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/pretix/control/views/auth.py b/src/pretix/control/views/auth.py
index 27b67e3ccc..b83f0b1881 100644
--- a/src/pretix/control/views/auth.py
+++ b/src/pretix/control/views/auth.py
@@ -82,6 +82,17 @@ class Forgot(TemplateView):
 def post(self, request, *args, **kwargs):
 if self.form.is_valid():
 user = self.form.cleaned_data['user']
+
+ if settings.HAS_REDIS:
+ from django_redis import get_redis_connection
+ rc = get_redis_connection("redis")
+ if rc.exists('pretix_pwreset_%s' % (user.id)):
+ user.log_action('pretix.control.auth.user.forgot_password.denied.repeated')
+ messages.error(request, _('We already sent you an email in the last 24 hours.'))
+ return redirect('control:auth.forgot')
+ else:
+ rc.setex('pretix_pwreset_%s' % (user.id), 3600 * 24, '1')
+
 mail(
 user.email, _('Password recovery'), 'pretixcontrol/email/forgot.txt',
 {
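Review bot: The `rc.exists(...)` check followed by `rc.setex(...)` in the `else` branch is not atomic, so two concurrent POSTs for the same user can both pass the check and both send mail; a single conditional set closes that window, e.g. `if not rc.set('pretix_pwreset_%s' % user.id, '1', ex=3600 * 24, nx=True):` guarding the denied branch. The key is also written before `mail(...)` runs, so a send that fails still blocks the user for 24 hours, and any third party who submits the form for an address uses up that account's one reset for the day; clearing the key when the send fails, or a shorter window, would limit that lockout. When `settings.HAS_REDIS` is false the limit is skipped silently, which deserves a comment such as `# No per-user reset limit without Redis; throttle at the proxy instead`. `post` starts before and continues past this hunk, so how the form reports unknown users, and whether the new error message reveals anything extra about account existence, cannot be judged from here.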