added ratelimiting to NoteCreateView blocked = 403 page

9a5b7e4b · ViolanteCodes · b93eebf1 · 9a5b7e4b · 9a5b7e4b
Commit 9a5b7e4b authored Feb 10, 2021 by ViolanteCodes
--- a/anonticket/tests.py
+++ b/anonticket/tests.py
@@ -673,7 +673,7 @@ class TestIssuesViews(TestCase):
        self.assertTemplateUsed(response, 'anonticket/issue_detail.html')

    def test_issue_search_view_GET_valid_data(self):
-        """Test the reponse for the issue_search_view"""
+        """Test the response for the issue_search_view"""
        url = reverse('issue-search', args=[self.new_user])
        form_data = {
            'choose_project': self.project.pk,
@@ -694,7 +694,7 @@ class TestIssuesViews(TestCase):
        self.assertTemplateUsed(response, 'anonticket/issue_search.html')

    def test_issue_search_view_GET_no_matches(self):
-        """Test the reponse for the issue_search_view"""
+        """Test the response for the issue_search_view"""
        url = reverse('issue-search', args=[self.new_user])
        form_data = {
            'choose_project': self.project.pk,
@@ -750,6 +750,7 @@ class TestNotesViews(TestCase):
        }
        expected_url = reverse('issue-created', args=[self.new_user])
        response = self.client.post(url, form_data)
+        print(response)
        self.assertRedirects(response, expected_url)

    def test_note_create_view_POST_new_user(self):

--- a/anonticket/views.py
+++ b/anonticket/views.py
@@ -107,6 +107,20 @@ class PassUserIdentifierMixin:
            context['results'] = {'user_identifier':self.kwargs['user_identifier']}                     
        return context

+# --------------------RATE-LIMITING SETTINGS----------------------------
+# Set variables here so that django-ratelimit settings can be 
+# changed across multiple views.
+# ----------------------------------------------------------------------
+
+# Set rate-limiting variables as global variables with value of None.
+
+# All items (groups/issues) currently share from same rate-limiting
+# bucket. This may be changed in the future.
+
+RATE_GROUP = 'tor-rate-group'
+LIMIT_RATE = '0/m'
+RATE_METHOD = ['POST']
+
 # ------------------SHARED FUNCTIONS, GITLAB---------------------------
 # Easy to parse version of GitLab-Python functions.
 # ----------------------------------------------------------------------
@@ -671,6 +685,7 @@ def issue_search_view(request, user_identifier):
 # Views related to creating/looking up notes.
 # ----------------------------------------------------------------------

+@method_decorator(ratelimit(key='ip', rate='1/m', method=ratelimit.UNSAFE, block=True), name='post',)
 @method_decorator(validate_user, name='dispatch')
 class NoteCreateView(PassUserIdentifierMixin, CreateView):
    """View to create a note given a user_identifier."""