zulip/zerver/management/commands/rate_limit.py

from argparse import ArgumentParser
from typing import Any

from django.core.management.base import CommandError
from typing_extensions import override

from zerver.lib.management import ZulipBaseCommand
from zerver.lib.rate_limiter import RateLimitedUser
from zerver.models import UserProfile, get_user_profile_by_api_key


class Command(ZulipBaseCommand):
    help = """Manually block or unblock a user from accessing the API"""

    @override
    def add_arguments(self, parser: ArgumentParser) -> None:
        parser.add_argument("-e", "--email", help="Email account of user.")
        parser.add_argument("-a", "--api-key", help="API key of user.")
        parser.add_argument("-s", "--seconds", default=60, type=int, help="Seconds to block for.")
        parser.add_argument(
            "-d",
            "--domain",
            default="api_by_user",
            help="Rate-limiting domain. Defaults to 'api_by_user'.",
        )
        parser.add_argument(
            "-b",
            "--all-bots",
            dest="bots",
            action="store_true",
            help="Whether or not to also block all bots for this user.",
        )
        parser.add_argument(
            "operation",
            metavar="<operation>",
            choices=["block", "unblock"],
            help="operation to perform (block or unblock)",
        )
        self.add_realm_args(parser)

    @override
    def handle(self, *args: Any, **options: Any) -> None:
        if (not options["api_key"] and not options["email"]) or (
            options["api_key"] and options["email"]
        ):
            raise CommandError("Please enter either an email or API key to manage")

        realm = self.get_realm(options)
        if options["email"]:
            user_profile = self.get_user(options["email"], realm)
        else:
            try:
                user_profile = get_user_profile_by_api_key(options["api_key"])
            except UserProfile.DoesNotExist:
                raise CommandError(
                    "Unable to get user profile for API key {}".format(options["api_key"])
                )

        users = [user_profile]
        if options["bots"]:
            users.extend(
                bot for bot in UserProfile.objects.filter(is_bot=True, bot_owner=user_profile)
            )

        operation = options["operation"]
        for user in users:
            print(f"Applying operation to User ID: {user.id}: {operation}")

            if operation == "block":
                RateLimitedUser(user, domain=options["domain"]).block_access(options["seconds"])
            elif operation == "unblock":
                RateLimitedUser(user, domain=options["domain"]).unblock_access()
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from argparse import ArgumentParser`
Annotate most Zulip management commands. 2016-06-04 16:52:18 +02:00			`from typing import Any`

python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-07-16 22:11:10 +02:00			`from django.core.management.base import CommandError`
mypy: Enable new error explicit-override. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-10-12 19:43:45 +02:00			`from typing_extensions import override`
python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-07-16 22:11:10 +02:00
			`from zerver.lib.management import ZulipBaseCommand`
rate_limit: Move functions called by external code to RateLimitedObject. 2020-03-04 14:05:25 +01:00			`from zerver.lib.rate_limiter import RateLimitedUser`
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from zerver.models import UserProfile, get_user_profile_by_api_key`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00
python: Sort migrations/management command imports with isort. This is a preparatory commit for using isort for sorting all of our imports, merging changes to files where we can easily review the changes as something we're happy with. These are also files with relatively little active development, which means we don't expect much merge conflict risk from these changes. 2020-01-14 21:59:46 +01:00
rate_limit: Replace get_user_profile_by_email with get_user. 2017-07-08 17:58:54 +02:00			`class Command(ZulipBaseCommand):`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`help = """Manually block or unblock a user from accessing the API"""`

mypy: Enable new error explicit-override. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-10-12 19:43:45 +02:00			`@override`
zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def add_arguments(self, parser: ArgumentParser) -> None:`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`parser.add_argument("-e", "--email", help="Email account of user.")`
			`parser.add_argument("-a", "--api-key", help="API key of user.")`
			`parser.add_argument("-s", "--seconds", default=60, type=int, help="Seconds to block for.")`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`parser.add_argument(`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`"-d",`
			`"--domain",`
			`default="api_by_user",`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`help="Rate-limiting domain. Defaults to 'api_by_user'.",`
			`)`
			`parser.add_argument(`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`"-b",`
			`"--all-bots",`
			`dest="bots",`
			`action="store_true",`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`help="Whether or not to also block all bots for this user.",`
			`)`
			`parser.add_argument(`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`"operation",`
			`metavar="<operation>",`
			`choices=["block", "unblock"],`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`help="operation to perform (block or unblock)",`
			`)`
rate_limit: Replace get_user_profile_by_email with get_user. 2017-07-08 17:58:54 +02:00			`self.add_realm_args(parser)`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00
mypy: Enable new error explicit-override. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-10-12 19:43:45 +02:00			`@override`
zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def handle(self, args: Any, *options: Any) -> None:`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`if (not options["api_key"] and not options["email"]) or (`
			`options["api_key"] and options["email"]`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`):`
management: Don't use sys.exit(1). Using sys.exit in a management command makes it impossible to unit test the code in question. The correct approach to do the same thing in Django management commands is to raise CommandError. Followup of b570c0dafa9cd8cf7d4b2af51c5cc8496197f405 2019-05-03 23:20:39 +02:00			`raise CommandError("Please enter either an email or API key to manage")`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00
rate_limit: Replace get_user_profile_by_email with get_user. 2017-07-08 17:58:54 +02:00			`realm = self.get_realm(options)`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`if options["email"]:`
			`user_profile = self.get_user(options["email"], realm)`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00			`else:`
			`try:`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`user_profile = get_user_profile_by_api_key(options["api_key"])`
models: Add new get_user_profile_by_api_key helper. This results in a slight performance increase. 2017-08-25 07:43:38 +02:00			`except UserProfile.DoesNotExist:`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`raise CommandError(`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`"Unable to get user profile for API key {}".format(options["api_key"])`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`)`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00
			`users = [user_profile]`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`if options["bots"]:`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`users.extend(`
			`bot for bot in UserProfile.objects.filter(is_bot=True, bot_owner=user_profile)`
			`)`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`operation = options["operation"]`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00			`for user in users:`
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:41:04 +02:00			`print(f"Applying operation to User ID: {user.id}: {operation}")`
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22) 2013-05-29 23:58:07 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`if operation == "block":`
			`RateLimitedUser(user, domain=options["domain"]).block_access(options["seconds"])`
			`elif operation == "unblock":`
			`RateLimitedUser(user, domain=options["domain"]).unblock_access()`