Too Many Requests error when adding 2fa or updating password about healthchecks HOT 4 CLOSED

For sensitive actions like changing email, changing password or changing 2FA methods, Healthchecks performs an additional verification action: it sends a six-digit code to user's email and asks the user to enter the code back into the app. This action is rate-limited to 10 verification attempts per day per user (code). You should not normally run into this rate limit but if you're testing the system and logging in and out a bunch of times, you could hit it. I also sometimes do hit it during local development, when I'm manually testing these sensitive actions multiple times. What I usually do in that case is drop into the database shell and run DELETE FROM api_tokenbucket;. This discards the current rate limiter state. Obviously, don't do this on an actively used system running in production, but during initial setup or during local development it would be fine.

from healthchecks.

Thank you for your assistance. I did not initially have an outgoing SMTP server setup and triggered the limit before I was able to receive the email 2FA. After looking through issues and reading docs it seems like SMTP configuration is all but required, perhaps including a warning banner on an invalid or missing SMTP configuration could help guide new installs in the right direction and reduce requests for help. I had not planned on enabling outgoing SMTP emails until I realized it was required for full functionality.

from healthchecks.

still could not change the password any help

from healthchecks.

@suruchi9837 can you please describe step by stem what you did and what happened or didn't happen as expected?

from healthchecks.