add limiter for random alias creation

This commit is contained in:
Son NK 2021-03-24 17:30:05 +01:00
parent a570a426d4
commit 92acf352b6
3 changed files with 48 additions and 4 deletions

View File

@ -23,7 +23,7 @@ from app.models import (
AliasMailbox,
DomainDeletedAlias,
)
from app.utils import convert_to_id, random_word, word_exist
from app.utils import random_word, word_exist
signer = TimestampSigner(CUSTOM_ALIAS_SECRET)

View File

@ -6,9 +6,9 @@ from sqlalchemy.orm import joinedload
from app import alias_utils
from app.api.serializer import get_alias_infos_with_pagination_v3
from app.config import PAGE_LIMIT
from app.config import PAGE_LIMIT, ALIAS_LIMIT
from app.dashboard.base import dashboard_bp
from app.extensions import db
from app.extensions import db, limiter
from app.log import LOG
from app.models import (
Alias,
@ -51,6 +51,11 @@ def get_stats(user: User) -> Stats:
@dashboard_bp.route("/", methods=["GET", "POST"])
@limiter.limit(
ALIAS_LIMIT,
methods=["POST"],
exempt_when=lambda: request.form.get("form-name") != "create-random-email",
)
@login_required
def index():
query = request.args.get("query") or ""
@ -91,7 +96,7 @@ def index():
db.session.commit()
LOG.d("generate new email %s for user %s", alias, current_user)
LOG.d("create new random alias %s for user %s", alias, current_user)
flash(f"Alias {alias.email} has been created", "success")
return redirect(

View File

@ -0,0 +1,39 @@
from flask import url_for, g
from app.models import (
Alias,
)
from tests.utils import login
def test_create_random_alias_success(flask_client):
login(flask_client)
assert Alias.query.count() == 1
r = flask_client.post(
url_for("dashboard.index"),
data={"form-name": "create-random-email"},
follow_redirects=True,
)
assert r.status_code == 200
assert Alias.query.count() == 2
def test_too_many_requests(flask_client):
login(flask_client)
# can't create more than 5 aliases in 1 minute
for i in range(7):
r = flask_client.post(
url_for("dashboard.index"),
data={"form-name": "create-random-email"},
follow_redirects=True,
)
# to make flask-limiter work with unit test
# https://github.com/alisaifee/flask-limiter/issues/147#issuecomment-642683820
g._rate_limiting_complete = False
else:
# last request
assert r.status_code == 429
assert "Whoa, slow down there, pardner!" in str(r.data)