What's new

Django-allauth Prevent Re-send Verification Email Spam Clicking

Fever

Active member
Staff member
I want to do something like Stackoverflow's post spam mechanism where a user is not allowed to submit the same form again until the timer expires.


But I want to do this for django-allauth's /accounts/email/ Re-send verification button. Currently, a user could spam click that button over and over and it will spam that user's inbox with email. It would be nice to disable that button after clicking once then displaying a try again in X minutes message. Probably needs to happen on a user by user basis.

https://github.com/pennersr/django-allauth/blob/master/allauth/templates/account/email.html#L35

https://github.com/pennersr/django-allauth/blob/master/allauth/account/views.py#L425-L441

What I have researched so far but not sure how to best implement it:

from allauth.account.models import EmailConfirmation
from datetime import datetime, timedelta
from django import forms

class TestForm(forms.Form):

def clean(self):
cleaned_data = super().clean()
email_address = cleaned_data.get("email_address")

most_recent_confirmation = EmailConfirmation.objects.filter(email_address=email_address).order_by("-sent").first()
time_since_last_confirmation = datetime.now() - most_recent_confirmation.sent

if time_since_last_confirmation.days < 1:
raise forms.ValidationError(
"Stop spamming. We already sent the email less than a day ago!"
)

Continue reading...
 
Top