Remove django-ratelimit-backend (#30054)

* fix: remove the usage of django-ratelimit-backend

Co-authored-by: Awais Qureshi <awais.qureshi@arbisoft.com>

cms/envs/common.py

@@ -663,7 +663,7 @@ AUTHENTICATION_BACKENDS = [
     'auth_backends.backends.EdXOAuth2',
     'rules.permissions.ObjectPermissionBackend',
     'openedx.core.djangoapps.content_libraries.auth.LtiAuthenticationBackend',
-    'openedx.core.djangoapps.oauth_dispatch.dot_overrides.backends.EdxRateLimitedAllowAllUsersModelBackend',
+    'django.contrib.auth.backends.AllowAllUsersModelBackend',
     'bridgekeeper.backends.RulePermissionBackend',
 ]
 
@@ -810,9 +810,6 @@ MIDDLEWARE = [
 
     'codejail.django_integration.ConfigureCodeJailMiddleware',
 
-    # catches any uncaught RateLimitExceptions and returns a 403 instead of a 500
-    'ratelimitbackend.middleware.RateLimitMiddleware',
-
     # for expiring inactive sessions
     'openedx.core.djangoapps.session_inactivity_timeout.middleware.SessionInactivityTimeout',
 
@@ -1688,8 +1685,6 @@ INSTALLED_APPS = [
     # Learning Sequence Navigation
     'openedx.core.djangoapps.content.learning_sequences.apps.LearningSequencesConfig',
 
-    'ratelimitbackend',
-
     # Database-backed Organizations App (http://github.com/edx/edx-organizations)
     'organizations',
 

cms/envs/test.py

@@ -283,7 +283,10 @@ FEATURES['ENABLE_TEAMS'] = True
 SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
 
 ######### custom courses #########
-INSTALLED_APPS.append('openedx.core.djangoapps.ccxcon.apps.CCXConnectorConfig')
+INSTALLED_APPS += [
+    'openedx.core.djangoapps.ccxcon.apps.CCXConnectorConfig',
+    'common.djangoapps.third_party_auth.apps.ThirdPartyAuthConfig',
+]
 FEATURES['CUSTOM_COURSES_EDX'] = True
 
 ########################## VIDEO IMAGE STORAGE ############################

cms/urls.py

@@ -10,7 +10,7 @@ from django.urls import path, re_path
 from django.utils.translation import gettext_lazy as _
 from auth_backends.urls import oauth2_urlpatterns
 from edx_api_doc_tools import make_docs_urls
-from ratelimitbackend import admin
+from django.contrib import admin
 
 import openedx.core.djangoapps.common_views.xblock
 import openedx.core.djangoapps.debug.views

common/djangoapps/util/request_rate_limiter.py

@@ -2,30 +2,3 @@
 A utility class which wraps the RateLimitMixin 3rd party class to do bad request counting
 which can be used for rate limiting
 """
-
-from ratelimitbackend.backends import RateLimitMixin
-
-
-class RequestRateLimiter(RateLimitMixin):
-    """
-    Use the 3rd party RateLimitMixin to help do rate limiting.
-    """
-    def is_rate_limit_exceeded(self, request):
-        """
-        Returns if the client has been rated limited
-        """
-        counts = self.get_counters(request)
-        return sum(counts.values()) >= self.requests
-
-    def tick_request_counter(self, request):
-        """
-        Ticks any counters used to compute when rate limt has been reached
-        """
-        self.cache_incr(self.get_cache_key(request))
-
-
-class BadRequestRateLimiter(RequestRateLimiter):
-    """
-    Default rate limit is 30 requests for every 5 minutes.
-    """
-    pass  # lint-amnesty, pylint: disable=unnecessary-pass

lms/envs/common.py

@@ -1273,7 +1273,7 @@ DEFAULT_TEMPLATE_ENGINE_DIRS = DEFAULT_TEMPLATE_ENGINE['DIRS'][:]
 
 AUTHENTICATION_BACKENDS = [
     'rules.permissions.ObjectPermissionBackend',
-    'openedx.core.djangoapps.oauth_dispatch.dot_overrides.backends.EdxRateLimitedAllowAllUsersModelBackend',
+    'django.contrib.auth.backends.AllowAllUsersModelBackend',
     'bridgekeeper.backends.RulePermissionBackend',
 ]
 
@@ -2145,9 +2145,6 @@ MIDDLEWARE = [
     'lms.djangoapps.discussion.django_comment_client.utils.ViewNameMiddleware',
     'codejail.django_integration.ConfigureCodeJailMiddleware',
 
-    # catches any uncaught RateLimitExceptions and returns a 403 instead of a 500
-    'ratelimitbackend.middleware.RateLimitMiddleware',
-
     # for expiring inactive sessions
     'openedx.core.djangoapps.session_inactivity_timeout.middleware.SessionInactivityTimeout',
 
@@ -3198,8 +3195,6 @@ INSTALLED_APPS = [
     # Learning Sequence Navigation
     'openedx.core.djangoapps.content.learning_sequences.apps.LearningSequencesConfig',
 
-    'ratelimitbackend',
-
     # Database-backed Organizations App (http://github.com/edx/edx-organizations)
     'organizations',
 

lms/urls.py

@@ -12,7 +12,7 @@ from django.utils.translation import gettext_lazy as _
 from django.views.generic.base import RedirectView
 from edx_api_doc_tools import make_docs_urls
 from edx_django_utils.plugins import get_plugin_url_patterns
-from ratelimitbackend import admin
+from django.contrib import admin
 
 from lms.djangoapps.branding import views as branding_views
 from lms.djangoapps.debug import views as debug_views

openedx/core/djangoapps/oauth_dispatch/dot_overrides/backends.py

@@ -1,20 +1,3 @@
 """
 Custom authentication backends.
 """
-
-
-from django.contrib.auth.backends import AllowAllUsersModelBackend as UserModelBackend
-from ratelimitbackend.backends import RateLimitMixin
-
-
-class EdxRateLimitedAllowAllUsersModelBackend(RateLimitMixin, UserModelBackend):
-    """
-    Authentication backend needed to incorporate rate limiting of login attempts - but also
-    enabling users with is_active of False in the Django auth_user model to still authenticate.
-    This is necessary for mobile users using 3rd party auth who have not activated their accounts,
-    Inactive users who use 1st party auth (username/password auth) will still fail login attempts,
-    just at a higher layer, in the login_user view.
-
-    See: https://openedx.atlassian.net/browse/TNL-4516
-    """
-    pass  # lint-amnesty, pylint: disable=unnecessary-pass