Commit 9a5b7e4b authored by ViolanteCodes's avatar ViolanteCodes

added ratelimiting to NoteCreateView blocked = 403 page

parent b93eebf1
...@@ -673,7 +673,7 @@ class TestIssuesViews(TestCase): ...@@ -673,7 +673,7 @@ class TestIssuesViews(TestCase):
self.assertTemplateUsed(response, 'anonticket/issue_detail.html') self.assertTemplateUsed(response, 'anonticket/issue_detail.html')
def test_issue_search_view_GET_valid_data(self): def test_issue_search_view_GET_valid_data(self):
"""Test the reponse for the issue_search_view""" """Test the response for the issue_search_view"""
url = reverse('issue-search', args=[self.new_user]) url = reverse('issue-search', args=[self.new_user])
form_data = { form_data = {
'choose_project': self.project.pk, 'choose_project': self.project.pk,
...@@ -694,7 +694,7 @@ class TestIssuesViews(TestCase): ...@@ -694,7 +694,7 @@ class TestIssuesViews(TestCase):
self.assertTemplateUsed(response, 'anonticket/issue_search.html') self.assertTemplateUsed(response, 'anonticket/issue_search.html')
def test_issue_search_view_GET_no_matches(self): def test_issue_search_view_GET_no_matches(self):
"""Test the reponse for the issue_search_view""" """Test the response for the issue_search_view"""
url = reverse('issue-search', args=[self.new_user]) url = reverse('issue-search', args=[self.new_user])
form_data = { form_data = {
'choose_project': self.project.pk, 'choose_project': self.project.pk,
...@@ -750,6 +750,7 @@ class TestNotesViews(TestCase): ...@@ -750,6 +750,7 @@ class TestNotesViews(TestCase):
} }
expected_url = reverse('issue-created', args=[self.new_user]) expected_url = reverse('issue-created', args=[self.new_user])
response = self.client.post(url, form_data) response = self.client.post(url, form_data)
print(response)
self.assertRedirects(response, expected_url) self.assertRedirects(response, expected_url)
def test_note_create_view_POST_new_user(self): def test_note_create_view_POST_new_user(self):
......
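Review bot: The added `print(response)` before `assertRedirects` looks like leftover debugging output and should be removed; the test it sits in starts above the visible lines. The commit also adds no test for the new behaviour: nothing asserts that a second POST to the note-create view inside the rate window returns 403. Because the Django test client sends every request from the same address, the `1/m` per-IP limit may also make unrelated POST tests fail depending on cache state. I would call `cache.clear()` in `setUp` and add a case that posts twice and checks `self.assertEqual(response.status_code, 403)`.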
...@@ -107,6 +107,20 @@ class PassUserIdentifierMixin: ...@@ -107,6 +107,20 @@ class PassUserIdentifierMixin:
context['results'] = {'user_identifier':self.kwargs['user_identifier']} context['results'] = {'user_identifier':self.kwargs['user_identifier']}
return context return context
# --------------------RATE-LIMITING SETTINGS----------------------------
# Set variables here so that django-ratelimit settings can be
# changed across multiple views.
# ----------------------------------------------------------------------
# Set rate-limiting variables as global variables with value of None.
# All items (groups/issues) currently share from same rate-limiting
# bucket. This may be changed in the future.
RATE_GROUP = 'tor-rate-group'
LIMIT_RATE = '0/m'
RATE_METHOD = ['POST']
# ------------------SHARED FUNCTIONS, GITLAB--------------------------- # ------------------SHARED FUNCTIONS, GITLAB---------------------------
# Easy to parse version of GitLab-Python functions. # Easy to parse version of GitLab-Python functions.
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
...@@ -671,6 +685,7 @@ def issue_search_view(request, user_identifier): ...@@ -671,6 +685,7 @@ def issue_search_view(request, user_identifier):
# Views related to creating/looking up notes. # Views related to creating/looking up notes.
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
@method_decorator(ratelimit(key='ip', rate='1/m', method=ratelimit.UNSAFE, block=True), name='post',)
@method_decorator(validate_user, name='dispatch') @method_decorator(validate_user, name='dispatch')
class NoteCreateView(PassUserIdentifierMixin, CreateView): class NoteCreateView(PassUserIdentifierMixin, CreateView):
"""View to create a note given a user_identifier.""" """View to create a note given a user_identifier."""
......
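Review bot: The decorator added on `NoteCreateView` hard-codes `key='ip', rate='1/m', method=ratelimit.UNSAFE` and never reads the `RATE_GROUP`, `LIMIT_RATE` and `RATE_METHOD` constants introduced higher up in the same file, so the settings block meant to be shared across views currently has no effect. Wiring them in as they stand would also be wrong: django-ratelimit treats a zero rate such as `'0/m'` as "reject every request", and the comment saying the variables are set to `None` no longer matches the values. I would set `LIMIT_RATE = '1/m'`, correct the comment, and use `@method_decorator(ratelimit(key='ip', group=RATE_GROUP, rate=LIMIT_RATE, method=RATE_METHOD, block=True), name='post')`. Separately, `key='ip'` keys on the client address Django sees; if the service sits behind a reverse proxy or is reached mostly through shared exit addresses (not visible here), many users would share one bucket and one submitter's POST would use up the allowance for everyone else, so the key choice deserves a comment or a different key. The class body continues past the visible lines.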