From a5641a9244f2289be1916953609f0b5184f85cb0 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Fri, 9 Aug 2024 16:48:05 +0200
Subject: [PATCH] Fix incorrect rate limit on PUT requests (#31356)

---
 config/initializers/rack_attack.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 6d8284e2b4..8125b335f9 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -142,7 +142,7 @@ class Rack::Attack
   end
 
   throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req|
-    req.warden_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
+    req.warden_user_id if (req.put? || req.patch?) && (req.path_matches?('/auth') || req.path_matches?('/auth/password'))
   end
 
   self.throttled_responder = lambda do |request|