Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

decorator: Reorder authenticated_json_view. 

Checking authentication before rate limiting is easier to reason
about, especially since rate_limit() would check authentication
anyway.
This commit is contained in:
Tim Abbott 2022-08-09 11:16:43 -07:00
parent 60a2de21a9
commit 9bf383dcae
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
zerver/decorator.py
View File

@ -883,13 +883,13 @@ def authenticated_json_view(
*args: ParamT.args,
**kwargs: ParamT.kwargs,
) -> HttpResponse:
if not skip_rate_limiting:
rate_limit(request)
if not request.user.is_authenticated:
raise UnauthorizedError()
user_profile = request.user
if not skip_rate_limiting:
rate_limit(request)
validate_account_and_subdomain(request, user_profile)
if user_profile.is_incoming_webhook: