Beispiel #1
0
    def test_organization(self):
        self.request.session = {}
        sentry_app = self.create_sentry_app(name="Tesla App",
                                            published=True,
                                            organization=self.organization)
        install = self.create_sentry_app_installation(
            slug=sentry_app.slug,
            organization=self.organization,
            user=self.user)

        client_id = sentry_app.application.client_id
        user = sentry_app.proxy_user

        api_token = GrantExchanger.run(install=install,
                                       code=install.api_grant.code,
                                       client_id=client_id,
                                       user=user)

        self.request.user = sentry_app.proxy_user

        self.request.auth = api_token

        assert (
            get_rate_limit_key(self.view, self.request) ==
            f"org:OrganizationGroupIndexEndpoint:GET:{install.organization_id}"
        )
Beispiel #2
0
    def process_view(self, request: Request, view_func, view_args,
                     view_kwargs) -> Response | None:
        """Check if the endpoint call will violate."""
        try:
            # TODO: put these fields into their own object
            request.will_be_rate_limited = False
            request.rate_limit_category = None
            request.rate_limit_uid = uuid.uuid4().hex
            request.rate_limit_key = get_rate_limit_key(view_func, request)
            if request.rate_limit_key is None:
                return
            category_str = request.rate_limit_key.split(":", 1)[0]
            request.rate_limit_category = category_str

            rate_limit = get_rate_limit_value(
                http_method=request.method,
                endpoint=view_func.view_class,
                category=RateLimitCategory(category_str),
            )
            if rate_limit is None:
                return

            request.rate_limit_metadata = above_rate_limit_check(
                request.rate_limit_key, rate_limit, request.rate_limit_uid)
            # TODO: also limit by concurrent window once we have the data
            rate_limit_cond = (request.rate_limit_metadata.rate_limit_type !=
                               RateLimitType.NOT_LIMITED
                               if ENFORCE_CONCURRENT_RATE_LIMITS else
                               request.rate_limit_metadata.rate_limit_type
                               == RateLimitType.FIXED_WINDOW)
            if rate_limit_cond:
                request.will_be_rate_limited = True
                enforce_rate_limit = getattr(view_func.view_class,
                                             "enforce_rate_limit", False)
                if enforce_rate_limit:
                    return HttpResponse(
                        {
                            "detail":
                            DEFAULT_ERROR_MESSAGE.format(
                                limit=request.rate_limit_metadata.limit,
                                window=request.rate_limit_metadata.window,
                            )
                        },
                        status=429,
                    )
        except Exception:
            logging.exception(
                "Error during rate limiting, failing open. THIS SHOULD NOT HAPPEN"
            )
Beispiel #3
0
    def process_view(self, request: Request, view_func, view_args,
                     view_kwargs) -> Response | None:
        """Check if the endpoint call will violate."""
        request.will_be_rate_limited = False
        request.rate_limit_category = None

        key = get_rate_limit_key(view_func, request)
        if key is None:
            return
        category_str = key.split(":", 1)[0]
        request.rate_limit_category = category_str

        rate_limit = get_rate_limit_value(
            http_method=request.method,
            endpoint=view_func.view_class,
            category=RateLimitCategory(category_str),
        )
        if rate_limit is None:
            return

        request.rate_limit_metadata = above_rate_limit_check(key, rate_limit)

        if request.rate_limit_metadata.is_limited:
            request.will_be_rate_limited = True
            enforce_rate_limit = getattr(view_func.view_class,
                                         "enforce_rate_limit", False)
            if enforce_rate_limit:
                return HttpResponse(
                    {
                        "detail":
                        DEFAULT_ERROR_MESSAGE.format(
                            limit=request.rate_limit_metadata.limit,
                            window=request.rate_limit_metadata.window,
                        )
                    },
                    status=429,
                )
Beispiel #4
0
 def test_users(self):
     user = User(id=1)
     self.request.session = {}
     self.request.user = user
     assert (get_rate_limit_key(self.view, self.request) ==
             f"user:OrganizationGroupIndexEndpoint:GET:{user.id}")
Beispiel #5
0
 def test_ipv6(self):
     self.request.META["REMOTE_ADDR"] = "684D:1111:222:3333:4444:5555:6:77"
     assert (
         get_rate_limit_key(self.view, self.request) ==
         "ip:OrganizationGroupIndexEndpoint:GET:684D:1111:222:3333:4444:5555:6:77"
     )
Beispiel #6
0
 def test_ip_address_missing(self):
     self.request.META["REMOTE_ADDR"] = None
     assert get_rate_limit_key(self.view, self.request) is None
Beispiel #7
0
 def test_default_ip(self):
     assert (get_rate_limit_key(
         self.view,
         self.request) == "ip:OrganizationGroupIndexEndpoint:GET:127.0.0.1")
Beispiel #8
0
 def test_group_key(self):
     user = User(id=1)
     self.request.session = {}
     self.request.user = user
     assert get_rate_limit_key(
         self.view, self.request) == f"user:default:GET:{user.id}"
Beispiel #9
0
 def test_system_token(self):
     self.request.auth = SystemToken()
     assert get_rate_limit_key(self.view, self.request) is None