Commit 9a5b7e4b authored by ViolanteCodes's avatar ViolanteCodes

added ratelimiting to NoteCreateView blocked = 403 page

parent b93eebf1
......@@ -673,7 +673,7 @@ class TestIssuesViews(TestCase):
self.assertTemplateUsed(response, 'anonticket/issue_detail.html')
def test_issue_search_view_GET_valid_data(self):
"""Test the reponse for the issue_search_view"""
"""Test the response for the issue_search_view"""
url = reverse('issue-search', args=[self.new_user])
form_data = {
'choose_project': self.project.pk,
......@@ -694,7 +694,7 @@ class TestIssuesViews(TestCase):
self.assertTemplateUsed(response, 'anonticket/issue_search.html')
def test_issue_search_view_GET_no_matches(self):
"""Test the reponse for the issue_search_view"""
"""Test the response for the issue_search_view"""
url = reverse('issue-search', args=[self.new_user])
form_data = {
'choose_project': self.project.pk,
......@@ -750,6 +750,7 @@ class TestNotesViews(TestCase):
}
expected_url = reverse('issue-created', args=[self.new_user])
response = self.client.post(url, form_data)
print(response)
self.assertRedirects(response, expected_url)
def test_note_create_view_POST_new_user(self):
......
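Review bot: The `print(response)` added before `assertRedirects` in the TestNotesViews hunk looks like leftover debugging and should be dropped, since it only adds noise to the test output. If it was added to chase a failure, note that the view under test now sits behind a per-IP limit and every test-client POST probably comes from the same address, so a second POST inside the window would get a 403 instead of the redirect. Consider disabling the limiter for this class with `@override_settings(RATELIMIT_ENABLE=False)` and adding one dedicated test that asserts the 403 on the blocked request. The enclosing test method starts above the hunk.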
......@@ -107,6 +107,20 @@ class PassUserIdentifierMixin:
context['results'] = {'user_identifier':self.kwargs['user_identifier']}
return context
# --------------------RATE-LIMITING SETTINGS----------------------------
# Set variables here so that django-ratelimit settings can be
# changed across multiple views.
# ----------------------------------------------------------------------
# Set rate-limiting variables as global variables with value of None.
# All items (groups/issues) currently share from same rate-limiting
# bucket. This may be changed in the future.
RATE_GROUP = 'tor-rate-group'
LIMIT_RATE = '0/m'
RATE_METHOD = ['POST']
# ------------------SHARED FUNCTIONS, GITLAB---------------------------
# Easy to parse version of GitLab-Python functions.
# ----------------------------------------------------------------------
......@@ -671,6 +685,7 @@ def issue_search_view(request, user_identifier):
# Views related to creating/looking up notes.
# ----------------------------------------------------------------------
@method_decorator(ratelimit(key='ip', rate='1/m', method=ratelimit.UNSAFE, block=True), name='post',)
@method_decorator(validate_user, name='dispatch')
class NoteCreateView(PassUserIdentifierMixin, CreateView):
"""View to create a note given a user_identifier."""
......
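Review bot: The decorator on `NoteCreateView` hard-codes `rate='1/m'` and `method=ratelimit.UNSAFE` and passes no `group`, so the new `RATE_GROUP`, `LIMIT_RATE` and `RATE_METHOD` constants are never used and the shared bucket the comment describes is not in effect. Wiring them in would read `@method_decorator(ratelimit(key='ip', group=RATE_GROUP, rate=LIMIT_RATE, method=RATE_METHOD, block=True), name='post')`, but `LIMIT_RATE = '0/m'` must first be set to the intended rate, because django-ratelimit treats a zero rate as deny-all. The comment saying the variables have a value of None is also stale. Separately, `key='ip'` keys on the peer address, so if the app is served behind a reverse proxy or similar front end, all users would likely share one bucket and a single POST could lock everyone out for a minute; confirm how the client address is derived in deployment (for example via `RATELIMIT_IP_META_KEY`). The class body continues outside the hunk.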