def test_session(self): request = self.get_request() limiter = session_ratelimit_post('test')(lambda request: 'RESPONSE') self.assertEqual(limiter(request), 'RESPONSE') self.assertEqual(limiter(request).url, '/accounts/login/') self.assertEqual(limiter(request).url, '/accounts/login/') sleep(1) self.assertEqual(limiter(request), 'RESPONSE')
def test_session(self): request = self.get_request() limiter = session_ratelimit_post('test')(lambda request: 'RESPONSE') self.assertEqual(limiter(request), 'RESPONSE') self.assertEqual(limiter(request).url, '/accounts/login/') self.assertEqual(limiter(request).url, '/accounts/login/') sleep(1) self.assertEqual(limiter(request), 'RESPONSE')
def test_post(self): request = self.get_request() limiter = session_ratelimit_post('test')(lambda request: 'RESPONSE') # First attempt should work self.assertEqual(limiter(request), 'RESPONSE') # Second attempt should be blocked self.assertEqual(limiter(request).url, '/accounts/login/') # During lockout period request should be blocked request = self.get_request() self.assertEqual(limiter(request).url, '/accounts/login/') # Wait until lockout expires and it should work again sleep(1) request = self.get_request() self.assertEqual(limiter(request), 'RESPONSE')
from weblate.vcs.models import VCS_REGISTRY class BaseCreateView(CreateView): def __init__(self, **kwargs): super().__init__(**kwargs) self.has_billing = "weblate.billing" in settings.INSTALLED_APPS def get_form_kwargs(self): kwargs = super().get_form_kwargs() kwargs["request"] = self.request return kwargs @method_decorator(login_required, name="dispatch") @method_decorator(session_ratelimit_post("project"), name="dispatch") class CreateProject(BaseCreateView): model = Project form_class = ProjectCreateForm billings = None def get_form(self, form_class=None): form = super().get_form(form_class) billing_field = form.fields["billing"] if self.has_billing: billing_field.queryset = self.billings try: billing_field.initial = int(self.request.GET["billing"]) except (ValueError, KeyError): pass billing_field.required = not self.request.user.is_superuser