MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(api): Use correct data field for rate limiting identity field 

Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/2653>
This commit is contained in:
Georg Krause 2023-11-28 12:52:12 +00:00 committed by Marge
parent 0c2f9c8dbb
commit 150a9f68a4
5 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/funkwhale_api/common/serializers.py
View File

@ -349,7 +349,7 @@ class ScopesSerializer(serializers.Serializer):
class IdentSerializer(serializers.Serializer): class IdentSerializer(serializers.Serializer):
type = serializers.CharField() type = serializers.CharField()
id = serializers.IntegerField() id = serializers.CharField()
class RateLimitSerializer(serializers.Serializer): class RateLimitSerializer(serializers.Serializer):

2
api/funkwhale_api/common/throttling.py
View File

@ -7,7 +7,7 @@ from rest_framework import throttling as rest_throttling
def get_ident(user, request): def get_ident(user, request):
if user and user.is_authenticated: if user and user.is_authenticated:
return {"type": "authenticated", "id": user.pk} return {"type": "authenticated", "id": f"{user.pk}"}
ident = rest_throttling.BaseThrottle().get_ident(request) ident = rest_throttling.BaseThrottle().get_ident(request)
return {"type": "anonymous", "id": ident} return {"type": "anonymous", "id": ident}

4
api/tests/common/test_throttling.py
View File

@ -17,7 +17,7 @@ def test_get_ident_anonymous(api_request):
def test_get_ident_authenticated(api_request, factories): def test_get_ident_authenticated(api_request, factories):
user = factories["users.User"]() user = factories["users.User"]()
request = api_request.get("/") request = api_request.get("/")
expected = {"id": user.pk, "type": "authenticated"} expected = {"id": f"{user.pk}", "type": "authenticated"}
assert throttling.get_ident(user, request) == expected assert throttling.get_ident(user, request) == expected
@ -26,7 +26,7 @@ def test_get_ident_authenticated(api_request, factories):
[ [
( (
"create", "create",
{"id": 42, "type": "authenticated"}, {"id": "42", "type": "authenticated"},
"throttling:create:authenticated:42", "throttling:create:authenticated:42",
), ),
( (

2
api/tests/common/test_views.py
View File

@ -160,7 +160,7 @@ def test_cannot_approve_reject_without_perm(
def test_rate_limit(logged_in_api_client, now_time, settings, mocker): def test_rate_limit(logged_in_api_client, now_time, settings, mocker):
expected_ident = {"type": "authenticated", "id": logged_in_api_client.user.pk} expected_ident = {"type": "authenticated", "id": f"{logged_in_api_client.user.pk}"}
expected = { expected = {
"ident": expected_ident, "ident": expected_ident,

1
changes/changelog.d/2248.bugfix Normal file
View File

@ -0,0 +1 @@
Use correct data field for rate limiting identity field (#2248)