Skip to content

OPTIONS requests shouldn't be rate limited #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LilyFirefly merged 10 commits into from
Oct 30, 2014
Merged

OPTIONS requests shouldn't be rate limited #71

LilyFirefly merged 10 commits into from
Oct 30, 2014

Conversation

@SemVerTsar
Copy link
Contributor

@SemVerTsar SemVerTsar commented Oct 30, 2014

Currently, refreshing a password reset request page (3 or more times) that does an OPTIONS to get fields, will block you from requesting the fields for a day.

We should only be rate limiting POST requests.

cc @meshy @ian-foote

@perry perry added the bug label Oct 17, 2014
@LilyFirefly
Copy link

LilyFirefly commented Oct 17, 2014

This looks easy enough to do. We can check the request.method in the throttle's allow_request method. See the Custom Throttles example.

@mlen108
Copy link
Contributor

mlen108 commented Oct 27, 2014

x

@SemVerTsar SemVerTsar self-assigned this Oct 28, 2014
@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 30, 2014

@ian-foote or @meshy Please review.

LilyFirefly
LilyFirefly reviewed Oct 30, 2014
View reviewed changes
user_management/api/tests/test_views.py Outdated
Copy link

@LilyFirefly LilyFirefly Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need to recreate the request each time?

Copy link
Contributor Author

@SemVerTsar SemVerTsar Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, as the request is being processed items are popped from the data structure. So the request cannot be reused.

Copy link

@LilyFirefly LilyFirefly Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pity.

@SemVerTsar
Added sub test
d880765 
now only rate limits post
@SemVerTsar
Fix typo
84c8046
LilyFirefly
LilyFirefly reviewed Oct 30, 2014
View reviewed changes
user_management/api/tests/test_views.py Outdated
Copy link

@LilyFirefly LilyFirefly Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could add a helper method to make this more DRY. Something like:

def check_post_rate_limit(self, view, data, expected_status):
    request = self.create_request('post', data=data, auth=False)
    response = view(request)
    self.assertEqual(response.status_code, expected_status)

Copy link
Contributor

@mlen108 mlen108 Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 30, 2014

@ian-foote Please take another look

@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 30, 2014

I moved it out with a look to adapting check_post_rate_limit() to work with different request types

@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 30, 2014

@meshy or @ian-foote could you take another look

meshy
meshy reviewed Oct 30, 2014
View reviewed changes
user_management/api/tests/test_views.py Outdated
Copy link
Contributor

@meshy meshy Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would assert_post_returns_status be more appropriate?

Copy link
Contributor Author

@SemVerTsar SemVerTsar Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

Copy link
Contributor

@meshy meshy Oct 30, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 30, 2014

Update

@meshy
Copy link
Contributor

meshy commented Oct 30, 2014

Happy if travis is

@coveralls
Copy link

coveralls commented Oct 30, 2014

Coverage Status

Coverage remained the same when pulling c418ca7 on options-rate-delimit into 54fb754 on master.

@coveralls
Copy link

coveralls commented Oct 30, 2014

Coverage Status

Coverage remained the same when pulling c418ca7 on options-rate-delimit into 54fb754 on master.

LilyFirefly pushed a commit that referenced this pull request Oct 30, 2014
Merge pull request #71 from incuna/options-rate-delimit
e353acc 
OPTIONS requests shouldn't be rate limited
@LilyFirefly LilyFirefly merged commit e353acc into master Oct 30, 2014
@LilyFirefly LilyFirefly deleted the options-rate-delimit branch October 30, 2014 17:13
@mlen108 mlen108 mentioned this pull request Oct 31, 2014
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@SemVerTsar SemVerTsar

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@SemVerTsar @LilyFirefly @mlen108 @meshy @coveralls @perry