fix(api): Use correct data field for rate limiting identity field

Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/2653>
2023-11-28 12:52:12 +00:00 · 2023-11-28 12:52:12 +00:00 · 150a9f68a4
parent 0c2f9c8dbb
commit 150a9f68a4
5 changed files with 6 additions and 5 deletions
--- a/api/funkwhale_api/common/serializers.py
+++ b/api/funkwhale_api/common/serializers.py
@ -349,7 +349,7 @@ class ScopesSerializer(serializers.Serializer):

 class IdentSerializer(serializers.Serializer):
    type = serializers.CharField()
-    id = serializers.IntegerField()
+    id = serializers.CharField()


 class RateLimitSerializer(serializers.Serializer):
--- a/api/funkwhale_api/common/throttling.py
+++ b/api/funkwhale_api/common/throttling.py
@ -7,7 +7,7 @@ from rest_framework import throttling as rest_throttling

 def get_ident(user, request):
    if user and user.is_authenticated:
-        return {"type": "authenticated", "id": user.pk}
+        return {"type": "authenticated", "id": f"{user.pk}"}
    ident = rest_throttling.BaseThrottle().get_ident(request)

    return {"type": "anonymous", "id": ident}
--- a/api/tests/common/test_throttling.py
+++ b/api/tests/common/test_throttling.py
@ -17,7 +17,7 @@ def test_get_ident_anonymous(api_request):
 def test_get_ident_authenticated(api_request, factories):
    user = factories["users.User"]()
    request = api_request.get("/")
-    expected = {"id": user.pk, "type": "authenticated"}
+    expected = {"id": f"{user.pk}", "type": "authenticated"}
    assert throttling.get_ident(user, request) == expected


@ -26,7 +26,7 @@ def test_get_ident_authenticated(api_request, factories):
    [
        (
            "create",
-            {"id": 42, "type": "authenticated"},
+            {"id": "42", "type": "authenticated"},
            "throttling:create:authenticated:42",
        ),
        (
--- a/api/tests/common/test_views.py
+++ b/api/tests/common/test_views.py
@ -160,7 +160,7 @@ def test_cannot_approve_reject_without_perm(


 def test_rate_limit(logged_in_api_client, now_time, settings, mocker):
-    expected_ident = {"type": "authenticated", "id": logged_in_api_client.user.pk}
+    expected_ident = {"type": "authenticated", "id": f"{logged_in_api_client.user.pk}"}

    expected = {
        "ident": expected_ident,
--- a/changes/changelog.d/2248.bugfix
+++ b/changes/changelog.d/2248.bugfix
@ -0,0 +1 @@
+Use correct data field for rate limiting identity field (#2248)
				`@ -0,0 +1 @@`
				`Use correct data field for rate limiting identity field (#2248)`