Is it possible to limit the number of emails sent for devise recoverable in a period of time for each user? How can I defend against malicious requests?
2 Answers
0
I would use grecaptcha to protect your form where you let the user rescue his account.
It's really easy and simple to use and include it in your rails app.
In your view:
<%= form_for @user do |f| %>
  <%= recaptcha_tags %>
<% end %>
In your controller, create action:
def create
  verify_recaptcha(model: @user) # => returns true or false
end

siegy22
- "views/devise/registrations/new.html.erb": <%= show_simple_captcha %> and "controllers/registrations_controller.rb": if simple_captcha_valid? But where will the captcha be validated if I write <%= show_simple_captcha %> into /devise/passwords/new.html.erb? – Arcadio Jul 22 '16 at 16:25
- You know how to do this: where can I validate the captcha if I write <%= show_simple_captcha %> into /devise/passwords/new.html.erb. Thanks. The example in the readme is very general – Arcadio Jul 22 '16 at 19:44
0
To limit: "emails sent for devise recoverable"
Example Gemfile:
gem 'simple_captcha2'
routes:
devise_for :users, :controllers => { ..., :passwords => 'passwords', ... }
app/controllers/passwords_controller.rb:
class PasswordsController < Devise::PasswordsController
  prepend_before_action :require_no_authentication

  # POST /resource/password
  def create
    # Send reset instructions only when the captcha was answered correctly.
    if simple_captcha_valid?
      super
    else
      ....
    end
  end
end
app/views/devise/passwords/new.html.erb into the form_for:
<%= show_simple_captcha %>

Arcadio
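The per-user limit the question asks about can be enforced next to the captcha check. The following is an added example, not code from either answer or from Devise: `ResetThrottle`, its parameters and the `THROTTLE` constant are hypothetical names, and the in-memory hash stands in for a shared store.

```ruby
# Added example: per-address throttle for password-reset e-mails.
# ResetThrottle, limit and window are hypothetical names, not Devise API.
# The in-process Hash is an assumption for the demo; several app servers
# would need a shared store with expiring keys instead.
class ResetThrottle
  def initialize(limit: 3, window: 3600, clock: -> { Time.now.to_f })
    @limit = limit     # e-mails allowed per address per window
    @window = window   # window length in seconds
    @clock = clock     # injectable so the behaviour can be tested
    @hits = Hash.new { |h, k| h[k] = [] }
    @lock = Mutex.new
  end

  # True if a reset e-mail may be sent to this address now (and records it).
  # Refused attempts are not recorded, so hammering the form cannot extend
  # the lockout of the real account owner.
  def allow?(email)
    key = email.to_s.strip.downcase # case/whitespace must not open a new bucket
    now = @clock.call
    @lock.synchronize do
      recent = @hits[key].select { |t| t > now - @window }
      allowed = recent.size < @limit
      recent << now if allowed
      @hits[key] = recent
      allowed
    end
  end
end

# Where it would sit in the overridden PasswordsController#create
# (assumption: the form field is user[email], as in Devise's default view):
#
#   if THROTTLE.allow?(params.dig(:user, :email))
#     super                      # Devise sends the instructions
#   else
#     # render the same response as a normal request, but send nothing,
#     # so the reply does not reveal that the address is being throttled
#   end
```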