I have set up my Django backend to send the activation email (with activation link) to the user's email address provided at registration. But recently, I have been getting spam attacks where the user (or bot or whatever) requests the activation link continuously and increases the load on my email server. To counter this, how can I add a time delay/interval between successive requests for an activation email to the same email address?
Should I create a custom view for this? If so, what view should I look at modifying, and how can I add a time interval that, say, restricts the user to requesting 1 activation link every 5 or 10 mins?
Edit:
I have found that django-allauth itself supports a feature to add a cooldown period, but I am not able to get this to work. An issue was raised regarding this and I've tried the solution in the issue thread by modifying my relevant app settings to the following:
ACCOUNT_EMAIL_CONFIRMATION_HMAC = False
ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN = 300
ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_LOGOUT_ON_GET = True
But still, when a user whose email is not yet verified (activated) tries to log in, they are redirected to a page that asks them to check their email and a verification email is sent (which is the correct behavior according to this), but the cooldown specified above (300 secs) is not respected. I can keep trying to log in continuously, and it just keeps re-sending the activation email. How can I fix this and make the cooldown work properly?
Version info:
Python 3.5
django-allauth 0.34
Answering my own question:
The cooldown does work - it's just that even though it redirects me to the same page, the email from the server is only sent once and is not resent till the cooldown period is over.
The answer to my original question is the changes to the app settings in the edit in my original post.
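The behaviour described in the answer (the page is shown on every attempt, but mail goes out only once per window) can be modelled with a small per-address gate. This is an added example, not django-allauth's code and not from the original post; the class `ConfirmationCooldown`, the function `simulate`, the lower-casing of addresses and the sample address and timings are assumptions made for illustration.

```python
import time

COOLDOWN_SECONDS = 300  # same value as ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN above


class ConfirmationCooldown:
    """Hypothetical gate: at most one confirmation email per address per window."""

    def __init__(self, cooldown=COOLDOWN_SECONDS, clock=time.monotonic):
        self.cooldown = cooldown
        self.clock = clock
        self._last_sent = {}  # normalized address -> time of last actual send

    @staticmethod
    def _key(address):
        # Assumption: case/whitespace variants of an address share one window.
        return address.strip().lower()

    def should_send(self, address):
        now = self.clock()
        # Drop expired entries so the table cannot grow without bound.
        self._last_sent = {k: t for k, t in self._last_sent.items()
                           if now - t < self.cooldown}
        key = self._key(address)
        if key in self._last_sent:
            # Blocked attempts do not restart the window; only real sends do.
            return False
        self._last_sent[key] = now
        return True


def simulate(attempt_times, address="user@example.com", cooldown=COOLDOWN_SECONDS):
    """Replay login attempts (times in seconds, constructed) and return send times."""
    current = [0.0]
    gate = ConfirmationCooldown(cooldown, clock=lambda: current[0])
    sent = []
    for t in attempt_times:
        current[0] = t
        if gate.should_send(address):
            sent.append(t)
        # Either way, the "check your email" page would still be rendered here.
    return sent


if __name__ == "__main__":
    # Constructed input: one login attempt every 10 s for 11 minutes.
    print(simulate(range(0, 660, 10)))  # [0, 300, 600]
```
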