Rate limits problem

[dmolina-ot]

If you add a custom rate limit to an user and then delete it, the API Backend rate limit don't work to this user.

It something more difficult. You must delete first the concrete rate limit, and then change the Rate Limit combobox from Custom rate limits to Default rate limits. Checking MongoDB api_users collection, you can find that rate_limit_mode is null, but you can find also a empty rate_limits array. This is the problem!! If you delete this empty array, the API Backend rate limit works again.

[GUI]

@dmolina-ot: Is the API Backend's rate limit setup to be "Unlimited requests"? Or does the API Backend also have a custom rate limit defined?

If the API backend in question is setup with an unlimited rate limit, then I think in an odd coincidence we also just spotted this bug yesterday and fixed it in master: 18F/api.data.gov#201 This fix will be part of the v0.8 release.

However, if the API backend is not using an unlimited rate limit, then can you let me know how it is setup? I've played around with other combinations of custom rate limit settings and haven't been able to reproduce this same issue.

[GUI]

Ah, never mind, I see what you're talking about and how to reproduce it. It's actually very similar to the other rate limiting issue we fixed yesterday, but slightly different. The key to reproducing this was to save a user with 1 or more custom rate limits defined, and then as a separate action edit that user to remove the rate limits, but while keeping the "Rate limit" menu selected as "Custom rate limit". If you switched it immediately back to "Default rate limits" and saved then I don't think this happened, only if you first saved the record one time while "Custom rate limit" was still selected but all the rate limits had been removed.

In any case, this should be fixed in master by NREL/api-umbrella-gatekeeper@6785c60 This will be part of the upcoming v0.8 release.

Thank you very much for brining this to our attention!