Add throttling to ResendConfirmationEmail

incuna · Jan 26, 2015 · ee697e5 · ee697e5
1 parent 82fb2b3
commit ee697e5
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 0 deletions.
diff --git a/user_management/api/tests/test_throttling.py b/user_management/api/tests/test_throttling.py
@@ -96,3 +96,19 @@ def test_post_rate_limit(self):
         # request is throttled
         response = view(request)
         self.assertEqual(response.status_code, status.HTTP_429_TOO_MANY_REQUESTS)
+
+
+class TestResendConfirmationEmail(APIRequestTestCase):
+    view_class = views.ResendConfirmationEmail
+
+    @patch(THROTTLE_RATE_PATH, new={'confirmations': '0/minute'})
+    def test_post_rate_limit(self):
+        """Assert POST requests are rate limited."""
+        user = UserFactory.create()
+        data = {'email': user.email}
+
+        request = self.create_request('post', data=data, auth=False)
+        view = self.view_class.as_view()
+
+        response = view(request)
+        self.assertEqual(response.status_code, status.HTTP_429_TOO_MANY_REQUESTS)
diff --git a/user_management/api/tests/test_views.py b/user_management/api/tests/test_views.py
@@ -842,6 +842,10 @@ def test_delete(self):
 class ResendConfirmationEmailTest(APIRequestTestCase):
     view_class = views.ResendConfirmationEmail
 
+    def setUp(self):
+        """Avoid view to be throttled for tests."""
+        self.view_class.throttle_scope = None
+
     def test_post(self):
         """Assert user can request a new confirmation email."""
         user = UserFactory.create()

diff --git a/user_management/api/throttling.py b/user_management/api/throttling.py
@@ -47,3 +47,10 @@ class PasswordResetRateThrottle(
         PostRequestThrottleMixin,
         ScopedRateThrottle):
     default_rate = '3/hour'
+
+
+class ResendConfirmationEmailRateThrottle(
+        DefaultRateMixin,
+        PostRequestThrottleMixin,
+        ScopedRateThrottle):
+    default_rate = '3/hour'
diff --git a/user_management/api/views.py b/user_management/api/views.py
@@ -225,6 +225,8 @@ class ResendConfirmationEmail(generics.GenericAPIView):
     """Resend a confirmation email."""
     permission_classes = [permissions.IsNotAuthenticated]
     serializer_class = serializers.ResendConfirmationEmailSerializer
+    throttle_classes = [throttling.ResendConfirmationEmailRateThrottle]
+    throttle_scope = 'confirmations'
 
     def post(self, request, *args, **kwargs):
         serializer = self.serializer_class(data=request.DATA)