Merge lp:~maxiberta/canonical-identity-provider/registration-throttling into lp:canonical-identity-provider/release

Proposed by Maximiliano Bertacchini
Status: Merged
Approved by: Maximiliano Bertacchini
Approved revision: no longer in the source branch.
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: lp:~maxiberta/canonical-identity-provider/registration-throttling
Merge into: lp:canonical-identity-provider/release
Diff against target: 77 lines (+14/-6)
3 files modified
django_project/settings_base.py (+1/-0)
src/api/v20/handlers.py (+1/-1)
src/api/v20/tests/test_handlers.py (+12/-5)
To merge this branch: bzr merge lp:~maxiberta/canonical-identity-provider/registration-throttling
Reviewer Review Type Date Requested Status
Adam Collard (community) Approve
Review via email: mp+361212@code.launchpad.net

Commit message

Update account registration throttling from 3600 req/h/IP to 360 req/h/IP.

Revision history for this message
Adam Collard (adam-collard) :
review: Approve

Preview Diff

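--- a/django_project/settings_base.py
+++ b/django_project/settings_base.py
@@ -582,6 +582,7 @@
 TESTING = False
 THOUSAND_SEPARATOR = ','
 THROTTLE_MAX_REQUESTS = 3600
+THROTTLE_MAX_REQUESTS_REGISTRATION = 360
 THROTTLE_WHITELIST_EMAIL_REGEXP_LIST = []
 TIMELOG_LOG = 'timelog.log'
 TIME_FORMAT = 'P'
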
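Review bot: THROTTLE_MAX_REQUESTS_REGISTRATION is added without a comment saying what it bounds or how it relates to the adjacent THROTTLE_MAX_REQUESTS, while the commit message gives the unit (requests per hour per client IP). Suggest documenting it in place: `# Account-registration limit, per hour per IP; stricter than THROTTLE_MAX_REQUESTS.` The hourly window comes from the commit message rather than from anything visible in this hunk, so confirm it against the throttle decorator's window before committing to that wording.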
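--- a/src/api/v20/handlers.py
+++ b/src/api/v20/handlers.py
@@ -277,7 +277,7 @@
 allowed_methods = ('POST',)

 @require_mime('json')
- @throttle()
+ @throttle(max_requests=settings.THROTTLE_MAX_REQUESTS_REGISTRATION)
 def create(self, request):
 """Create/register a new account."""
 if not gargoyle.is_active('USER_REGISTRATION_API_ENABLED', request):
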
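Review bot: The decorator argument `max_requests=settings.THROTTLE_MAX_REQUESTS_REGISTRATION` is evaluated once when the class body is imported, so a later override of the setting (a test's `self.settings(...)`, or any runtime reconfiguration) will not change the limit applied to `create`; this appears to be why the test in this merge stops using `self.settings(THROTTLE_MAX_REQUESTS=2)` and mocks the cache instead. If dynamic overrides are wanted, the limit has to be read at request time, which depends on what `throttle` accepts and is outside this hunk. Otherwise a one-line comment would save the next reader the same investigation: `# Bound at import time: overriding the setting later has no effect here.` The body of `create` continues past the end of the hunk.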
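--- a/src/api/v20/tests/test_handlers.py
+++ b/src/api/v20/tests/test_handlers.py
@@ -601,10 +601,14 @@
 other_email = 'other@email.com'
 assert other_email != data['email']

- with self.settings(THROTTLE_MAX_REQUESTS=2):
+ max_requests = settings.THROTTLE_MAX_REQUESTS_REGISTRATION
+ with patch('piston.utils.cache') as mock_cache:
+ mock_cache.get.return_value = (max_requests - 1, time.time() + 42)
 response = self.do_post(data, status_code=201)
 self.assert_account_created()

+ with patch('piston.utils.cache') as mock_cache:
+ mock_cache.get.return_value = (max_requests, time.time() + 42)
 data['email'] = other_email
 response = self.do_post(data, status_code=429)
 self.assertEqual(response['code'], 'TOO_MANY_REQUESTS')
@@ -2005,7 +2009,8 @@
 mock_cache.get.return_value = (
 settings.THROTTLE_MAX_REQUESTS, time.time() + 42.99)

- def throttle_by_openid(self, openid):
+ def throttle_by_openid(self, openid,
+ max_requests=settings.THROTTLE_MAX_REQUESTS):
 mock_cache = self.patch('piston.utils.cache')

 def mock_get(key, default=None, version=None):
@@ -2013,9 +2018,9 @@
 # the first part of the key is the requester username
 _, extra = key.split(':', 1)
 if openid in extra:
- return settings.THROTTLE_MAX_REQUESTS, time.time() + 42.99
+ return max_requests, time.time() + 42.99
 else:
- return settings.THROTTLE_MAX_REQUESTS - 1, time.time() + 42.99
+ return max_requests - 1, time.time() + 42.99
 mock_cache.get = mock_get

 throttle_by_email = throttle_by_token = throttle_by_openid
@@ -2116,7 +2121,9 @@
 self.assert_handler_not_throttled(
 request, data=json.dumps(data),
 content_type='application/json',
- throttle_func=lambda: self.throttle_by_email(email))
+ throttle_func=lambda: self.throttle_by_email(
+ email,
+ max_requests=settings.THROTTLE_MAX_REQUESTS_REGISTRATION))

 def test_account_login_handler_throttled_by_email(self):
 url = reverse('api-login')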
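Review bot: In the `@@ -2005` hunk, the new default `max_requests=settings.THROTTLE_MAX_REQUESTS` on `throttle_by_openid` is bound when the test module is imported, so it will not follow a setting overridden later with `self.settings(...)`, whereas the helper just above it in the same hunk reads `settings.THROTTLE_MAX_REQUESTS` at call time. A lazy default keeps the same call signature: `def throttle_by_openid(self, openid, max_requests=None):` followed by `if max_requests is None: max_requests = settings.THROTTLE_MAX_REQUESTS` at the top of the body. The aliases `throttle_by_email = throttle_by_token = throttle_by_openid` inherit whichever choice is made here. Separately, the `time.time() + 42` and `+ 42.99` expiry values are repeated across the hunks; a named constant in the test class would make their meaning (presumably a not-yet-expired throttle window) explicit.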