rate_limiter: Rename authenticate domain to authenticate_by_username.

This prepares for adding authenticate_by_ip_address.
Mateusz Mandera 2019-12-30 21:17:11 +01:00 committed by Tim Abbott
parent 7c78d8a966
commit 7b34853328
6 changed files with 10 additions and 9 deletions


@ -494,7 +494,7 @@ class RateLimitAuthenticationTests(ZulipTestCase):
request = HttpRequest() request = HttpRequest()
return attempt_authentication_func(request, username, password) return attempt_authentication_func(request, username, password)
add_ratelimit_rule(10, 2, domain='authenticate') add_ratelimit_rule(10, 2, domain='authenticate_by_username')
with mock.patch.object(RateLimitedAuthenticationByUsername, 'key_fragment', new=_mock_key_fragment): with mock.patch.object(RateLimitedAuthenticationByUsername, 'key_fragment', new=_mock_key_fragment):
try: try:
start_time = time.time() start_time = time.time()
@ -523,7 +523,7 @@ class RateLimitAuthenticationTests(ZulipTestCase):
finally: finally:
# Clean up to avoid affecting other tests. # Clean up to avoid affecting other tests.
clear_history(RateLimitedAuthenticationByUsername(username)) clear_history(RateLimitedAuthenticationByUsername(username))
remove_ratelimit_rule(10, 2, domain='authenticate') remove_ratelimit_rule(10, 2, domain='authenticate_by_username')
def test_email_auth_backend_user_based_rate_limiting(self) -> None: def test_email_auth_backend_user_based_rate_limiting(self) -> None:
user_profile = self.example_user('hamlet') user_profile = self.example_user('hamlet')


@ -209,7 +209,7 @@ class ChangeSettingsTest(ZulipTestCase):
def test_wrong_old_password_rate_limiter(self) -> None: def test_wrong_old_password_rate_limiter(self) -> None:
self.login(self.example_email("hamlet")) self.login(self.example_email("hamlet"))
with self.settings(RATE_LIMITING_AUTHENTICATE=True): with self.settings(RATE_LIMITING_AUTHENTICATE=True):
add_ratelimit_rule(10, 2, domain='authenticate') add_ratelimit_rule(10, 2, domain='authenticate_by_username')
start_time = time.time() start_time = time.time()
with mock.patch('time.time', return_value=start_time): with mock.patch('time.time', return_value=start_time):
result = self.client_patch( result = self.client_patch(
@ -246,7 +246,7 @@ class ChangeSettingsTest(ZulipTestCase):
)) ))
self.assert_json_success(json_result) self.assert_json_success(json_result)
remove_ratelimit_rule(10, 2, domain='authenticate') remove_ratelimit_rule(10, 2, domain='authenticate_by_username')
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend', @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
'zproject.backends.EmailAuthBackend', 'zproject.backends.EmailAuthBackend',
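Review bot: The renamed `remove_ratelimit_rule(10, 2, domain='authenticate_by_username')` call in test_wrong_old_password_rate_limiter directly follows `self.assert_json_success(json_result)` with no `finally:` visible in the hunk, so a failing assertion would apparently leave the (10, 2) rule registered for later tests. The same pattern shows in test_login_bad_password_rate_limiter in the LoginTest section, whereas RateLimitAuthenticationTests does its cleanup under `finally:`. Wrapping each body in `try:` with `finally: remove_ratelimit_rule(10, 2, domain='authenticate_by_username')` would keep a leftover rule from throttling unrelated login tests. Both test bodies continue outside the hunks, so this needs confirming against the full files.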


@ -524,7 +524,7 @@ class LoginTest(ZulipTestCase):
def test_login_bad_password_rate_limiter(self) -> None: def test_login_bad_password_rate_limiter(self) -> None:
user_profile = self.example_user("hamlet") user_profile = self.example_user("hamlet")
email = user_profile.email email = user_profile.email
add_ratelimit_rule(10, 2, domain='authenticate') add_ratelimit_rule(10, 2, domain='authenticate_by_username')
start_time = time.time() start_time = time.time()
with patch('time.time', return_value=start_time): with patch('time.time', return_value=start_time):
@ -543,7 +543,7 @@ class LoginTest(ZulipTestCase):
self.login_with_return(email) self.login_with_return(email)
self.assert_logged_in_user_id(user_profile.id) self.assert_logged_in_user_id(user_profile.id)
remove_ratelimit_rule(10, 2, domain='authenticate') remove_ratelimit_rule(10, 2, domain='authenticate_by_username')
def test_login_nonexist_user(self) -> None: def test_login_nonexist_user(self) -> None:
result = self.login_with_return("xxx@zulip.com", "xxx") result = self.login_with_return("xxx@zulip.com", "xxx")


@ -169,7 +169,7 @@ def common_get_active_user(email: str, realm: Realm,
return user_profile return user_profile
AuthFuncT = TypeVar('AuthFuncT', bound=Callable[..., Optional[UserProfile]]) AuthFuncT = TypeVar('AuthFuncT', bound=Callable[..., Optional[UserProfile]])
rate_limiting_rules = settings.RATE_LIMITING_RULES['authenticate'] rate_limiting_rules = settings.RATE_LIMITING_RULES['authenticate_by_username']
class RateLimitedAuthenticationByUsername(RateLimitedObject): class RateLimitedAuthenticationByUsername(RateLimitedObject):
def __init__(self, username: str) -> None: def __init__(self, username: str) -> None:
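Review bot: `rate_limiting_rules = settings.RATE_LIMITING_RULES['authenticate_by_username']` looks like a module-level lookup, so a settings file that still defines only the old `'authenticate'` key would raise KeyError when this module is imported. Failing loudly is preferable to silently running with no login limit, but the rename deserves an upgrade note for anyone who overrides RATE_LIMITING_RULES. A comment above the line would help, e.g. `# Must match a key in settings.RATE_LIMITING_RULES; looked up once at import.` Whether local overrides replace or merge with the defaults is not visible in this hunk.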


@ -357,7 +357,7 @@ RATE_LIMITING_RULES = {
'api_by_user': [ 'api_by_user': [
(60, 200), # 200 requests max every minute (60, 200), # 200 requests max every minute
], ],
'authenticate': [ 'authenticate_by_username': [
(1800, 5), # 5 login attempts within 30 minutes (1800, 5), # 5 login attempts within 30 minutes
], ],
'password_reset_form_by_email': [ 'password_reset_form_by_email': [
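Review bot: The comment on the `(1800, 5)` rule still reads "5 login attempts within 30 minutes", although the new key name says the limit is counted per username. I would make that explicit: `(1800, 5),  # 5 login attempts per username within 30 minutes`. That wording also makes clear that this rule alone does not bound attempts spread over many usernames, which the commit message suggests the planned authenticate_by_ip_address domain will cover. The RATE_LIMITING_RULES dict starts and ends outside the hunk.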


@ -222,5 +222,6 @@ SOCIAL_AUTH_SAML_ENABLED_IDPS = {
RATE_LIMITING_RULES = { RATE_LIMITING_RULES = {
'api_by_user': [], 'api_by_user': [],
'authenticate': [], 'authenticate_by_username': [],
'password_reset_form_by_email': [],
} }
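Review bot: The added `'password_reset_form_by_email': [],` entry is not part of the rename the commit message describes, so it should either be mentioned there or moved to its own commit. Every domain in this dict maps to an empty list, which presumably means no limit applies unless a test registers one with `add_ratelimit_rule(...)`, as the test hunks do. A short comment above the dict would record that intent, e.g. `# No default rules here; tests add the rules they need explicitly.` Whether this file is the test settings module is inferred from its content, since the path is not shown.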