The Tor Project
TPA
Anonymous Ticket Portal
Commits
9a5b7e4b
Commit
9a5b7e4b
authored
Feb 10, 2021
by
ViolanteCodes
added ratelimiting to NoteCreateView blocked = 403 page
parent
b93eebf1
Changes
2
anonticket/tests.py
...
...
@@ -673,7 +673,7 @@ class TestIssuesViews(TestCase):
self
.
assertTemplateUsed
(
response
,
'anonticket/issue_detail.html'
)
def
test_issue_search_view_GET_valid_data
(
self
):
"""Test the reponse for the issue_search_view"""
"""Test the re
s
ponse for the issue_search_view"""
url
=
reverse
(
'issue-search'
,
args
=
[
self
.
new_user
])
form_data
=
{
'choose_project'
:
self
.
project
.
pk
,
...
...
@@ -694,7 +694,7 @@ class TestIssuesViews(TestCase):
self
.
assertTemplateUsed
(
response
,
'anonticket/issue_search.html'
)
def
test_issue_search_view_GET_no_matches
(
self
):
"""Test the reponse for the issue_search_view"""
"""Test the re
s
ponse for the issue_search_view"""
url
=
reverse
(
'issue-search'
,
args
=
[
self
.
new_user
])
form_data
=
{
'choose_project'
:
self
.
project
.
pk
,
...
...
@@ -750,6 +750,7 @@ class TestNotesViews(TestCase):
}
expected_url
=
reverse
(
'issue-created'
,
args
=
[
self
.
new_user
])
response
=
self
.
client
.
post
(
url
,
form_data
)
print
(
response
)
self
.
assertRedirects
(
response
,
expected_url
)
def
test_note_create_view_POST_new_user
(
self
):
...
...
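Review bot: Nothing in this section tests the limit this commit puts on NoteCreateView: no visible test sends a second POST inside the window and checks for the 403. Because the limit is `rate='1/m'` keyed on the client IP and the Django test client always presents the same address, the existing POST tests in TestNotesViews may now fail or pass only by ordering unless the cache is cleared between tests; this is inferred, since the test settings are not shown. I would add a case that posts twice and ends with `self.assertEqual(second.status_code, 403)`, and call `cache.clear()` in `setUp` so every test starts with an empty bucket. The `print(response)` before `assertRedirects` in the hunk at line 750 looks like leftover debugging (the page does not mark which line was added) and should be dropped. `test_note_create_view_POST_new_user` begins at the end of that hunk and continues outside it.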
anonticket/views.py
...
...
@@ -107,6 +107,20 @@ class PassUserIdentifierMixin:
context
[
'results'
]
=
{
'user_identifier'
:
self
.
kwargs
[
'user_identifier'
]}
return
context
# --------------------RATE-LIMITING SETTINGS----------------------------
# Set variables here so that django-ratelimit settings can be
# changed across multiple views.
# ----------------------------------------------------------------------
# Set rate-limiting variables as global variables with value of None.
# All items (groups/issues) currently share from same rate-limiting
# bucket. This may be changed in the future.
RATE_GROUP
=
'tor-rate-group'
LIMIT_RATE
=
'0/m'
RATE_METHOD
=
[
'POST'
]
# ------------------SHARED FUNCTIONS, GITLAB---------------------------
# Easy to parse version of GitLab-Python functions.
# ----------------------------------------------------------------------
...
...
@@ -671,6 +685,7 @@ def issue_search_view(request, user_identifier):
# Views related to creating/looking up notes.
# ----------------------------------------------------------------------
@
method_decorator
(
ratelimit
(
key
=
'ip'
,
rate
=
'1/m'
,
method
=
ratelimit
.
UNSAFE
,
block
=
True
),
name
=
'post'
,)
@
method_decorator
(
validate_user
,
name
=
'dispatch'
)
class
NoteCreateView
(
PassUserIdentifierMixin
,
CreateView
):
"""View to create a note given a user_identifier."""
...
...
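Review bot: `key='ip'` with `rate='1/m'` on NoteCreateView allows one note per minute for everyone who shares an address, so on a portal meant to be reached anonymously (shared relay or proxy addresses) a single submitter can use up the allowance for all others on that address, and behind a reverse proxy `REMOTE_ADDR` may be the proxy itself, which would put the whole site in one bucket. The deployment is not visible here, so confirm which address the limiter actually sees (django-ratelimit reads `REMOTE_ADDR` unless `RATELIMIT_IP_META_KEY` is set) and only rely on a forwarded header that the proxy itself overwrites. The decorator also hard-codes its values instead of using the `RATE_GROUP`, `LIMIT_RATE` and `RATE_METHOD` constants added in the hunk at line 107, and as far as I know a rate of `'0/m'` refuses every request, so wiring `LIMIT_RATE` in unchanged would block all POSTs. The comment `# Set rate-limiting variables as global variables with value of None.` no longer matches the assigned values and could read `# Rate-limiting settings shared by all views; groups and issues currently use one bucket.` The NoteCreateView body continues outside the hunk.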