From 1cebd3ed7bc1646792ec273532135cf0540ac14b Mon Sep 17 00:00:00 2001
From: Usama Sadiq
Date: Thu, 24 Mar 2022 17:21:56 +0500
Subject: [PATCH] Remove django-ratelimit-backend (#30054)
* fix: remove the usage of django-ratelimit-backend
Co-authored-by: Awais Qureshi
---
 cms/envs/common.py | 7 +----
 cms/envs/test.py | 5 +++-
 cms/urls.py | 2 +-
 .../djangoapps/util/request_rate_limiter.py | 27 -------------------
 lms/envs/common.py | 7 +----
 lms/urls.py | 2 +-
 .../oauth_dispatch/dot_overrides/backends.py | 17 ------------
 7 files changed, 8 insertions(+), 59 deletions(-)
diff --git a/cms/envs/common.py b/cms/envs/common.py
index e4f050aa17..fe1dbb0a08 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -663,7 +663,7 @@ AUTHENTICATION_BACKENDS = [
 'auth_backends.backends.EdXOAuth2',
 'rules.permissions.ObjectPermissionBackend',
 'openedx.core.djangoapps.content_libraries.auth.LtiAuthenticationBackend',
- 'openedx.core.djangoapps.oauth_dispatch.dot_overrides.backends.EdxRateLimitedAllowAllUsersModelBackend',
+ 'django.contrib.auth.backends.AllowAllUsersModelBackend',
 'bridgekeeper.backends.RulePermissionBackend',
 ]
@@ -810,9 +810,6 @@ MIDDLEWARE = [
 'codejail.django_integration.ConfigureCodeJailMiddleware',
- # catches any uncaught RateLimitExceptions and returns a 403 instead of a 500
- 'ratelimitbackend.middleware.RateLimitMiddleware',
-
 # for expiring inactive sessions
 'openedx.core.djangoapps.session_inactivity_timeout.middleware.SessionInactivityTimeout',
@@ -1688,8 +1685,6 @@ INSTALLED_APPS = [
 # Learning Sequence Navigation
 'openedx.core.djangoapps.content.learning_sequences.apps.LearningSequencesConfig',
- 'ratelimitbackend',
-
 # Database-backed Organizations App (http://github.com/edx/edx-organizations)
 'organizations',
diff --git a/cms/envs/test.py b/cms/envs/test.py
index aaf7feb969..e58b8ea20b 100644
--- a/cms/envs/test.py
+++ b/cms/envs/test.py
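Review bot: In the `AUTHENTICATION_BACKENDS` hunk of cms/envs/common.py, replacing `EdxRateLimitedAllowAllUsersModelBackend` with the stock `django.contrib.auth.backends.AllowAllUsersModelBackend` removes the throttling of failed logins that the `RateLimitMixin` backend applied, and nothing in this patch adds a replacement. If another layer (a rate limit on the login views, for instance) already covers every path that reaches `authenticate()`, the commit message should say so; that cannot be confirmed from the lines shown here. The new entry also loses the rationale that lived in the deleted class docstring, so I would put above it `# AllowAllUsersModelBackend lets is_active=False users authenticate (unactivated third-party-auth mobile users); inactive first-party logins are rejected later, in the login_user view.` The same applies to the identical one-line swap in lms/envs/common.py (hunk at -1273).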
@@ -283,7 +283,10 @@ FEATURES['ENABLE_TEAMS'] = True
 SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
 ######### custom courses #########
-INSTALLED_APPS.append('openedx.core.djangoapps.ccxcon.apps.CCXConnectorConfig')
+INSTALLED_APPS += [
+ 'openedx.core.djangoapps.ccxcon.apps.CCXConnectorConfig',
+ 'common.djangoapps.third_party_auth.apps.ThirdPartyAuthConfig',
+]
 FEATURES['CUSTOM_COURSES_EDX'] = True
 ########################## VIDEO IMAGE STORAGE ############################
diff --git a/cms/urls.py b/cms/urls.py
index 3facddf0bf..541e2aee85 100644
--- a/cms/urls.py
+++ b/cms/urls.py
@@ -10,7 +10,7 @@ from django.urls import path, re_path
 from django.utils.translation import gettext_lazy as _
 from auth_backends.urls import oauth2_urlpatterns
 from edx_api_doc_tools import make_docs_urls
-from ratelimitbackend import admin
+from django.contrib import admin
 import openedx.core.djangoapps.common_views.xblock
 import openedx.core.djangoapps.debug.views
diff --git a/common/djangoapps/util/request_rate_limiter.py b/common/djangoapps/util/request_rate_limiter.py
index cc2ad663e0..a9e9b6312e 100644
--- a/common/djangoapps/util/request_rate_limiter.py
+++ b/common/djangoapps/util/request_rate_limiter.py
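Review bot: The added `'common.djangoapps.third_party_auth.apps.ThirdPartyAuthConfig'` entry in cms/envs/test.py carries no comment, and the commit message does not explain why removing ratelimitbackend makes the CMS test settings need it. If the app is installed only under test, the CMS suite runs against an app set that production Studio does not have, which can hide a missing-app failure; this patch does not add it to cms/envs/common.py. I would either add it to the common settings or document the reason here, e.g. `# third_party_auth is required by <reason>; not installed in cms/envs/common.py`.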
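Review bot: Importing `admin` from `django.contrib` instead of `ratelimitbackend` in cms/urls.py means the admin login form is served by the stock `AdminSite`, which does not count or block repeated failed attempts. Unless the admin login URL is routed to a rate-limited login view elsewhere in this file (not visible in the hunk), failed staff logins on the admin site are no longer throttled. I would record next to the import how admin login is protected, e.g. `# AdminSite does not throttle logins itself; rate limiting is applied in <view or decorator>`. lms/urls.py receives the same one-line change further down.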
@@ -2,30 +2,3 @@
 A utility class which wraps the RateLimitMixin 3rd party class to do bad request counting which can be used for rate limiting
 """
-
-from ratelimitbackend.backends import RateLimitMixin
-
-
-class RequestRateLimiter(RateLimitMixin):
- """
- Use the 3rd party RateLimitMixin to help do rate limiting.
- """
- def is_rate_limit_exceeded(self, request):
- """
- Returns if the client has been rated limited
- """
- counts = self.get_counters(request)
- return sum(counts.values()) >= self.requests
-
- def tick_request_counter(self, request):
- """
- Ticks any counters used to compute when rate limt has been reached
- """
- self.cache_incr(self.get_cache_key(request))
-
-
-class BadRequestRateLimiter(RequestRateLimiter):
- """
- Default rate limit is 30 requests for every 5 minutes.
- """
- pass # lint-amnesty, pylint: disable=unnecessary-pass
diff --git a/lms/envs/common.py b/lms/envs/common.py
index b9acb1094c..876dde9d0c 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -1273,7 +1273,7 @@ DEFAULT_TEMPLATE_ENGINE_DIRS = DEFAULT_TEMPLATE_ENGINE['DIRS'][:]
 AUTHENTICATION_BACKENDS = [
 'rules.permissions.ObjectPermissionBackend',
- 'openedx.core.djangoapps.oauth_dispatch.dot_overrides.backends.EdxRateLimitedAllowAllUsersModelBackend',
+ 'django.contrib.auth.backends.AllowAllUsersModelBackend',
 'bridgekeeper.backends.RulePermissionBackend',
 ]
@@ -2145,9 +2145,6 @@ MIDDLEWARE = [
 'lms.djangoapps.discussion.django_comment_client.utils.ViewNameMiddleware',
 'codejail.django_integration.ConfigureCodeJailMiddleware',
- # catches any uncaught RateLimitExceptions and returns a 403 instead of a 500
- 'ratelimitbackend.middleware.RateLimitMiddleware',
-
 # for expiring inactive sessions
 'openedx.core.djangoapps.session_inactivity_timeout.middleware.SessionInactivityTimeout',
@@ -3198,8 +3195,6 @@ INSTALLED_APPS = [
 # Learning Sequence Navigation
 'openedx.core.djangoapps.content.learning_sequences.apps.LearningSequencesConfig',
- 'ratelimitbackend',
-
 # Database-backed Organizations App (http://github.com/edx/edx-organizations)
 'organizations',
diff --git a/lms/urls.py b/lms/urls.py
index 0f249a379b..c1362779df 100644
--- a/lms/urls.py
+++ b/lms/urls.py
@@ -12,7 +12,7 @@ from django.utils.translation import gettext_lazy as _
 from django.views.generic.base import RedirectView
 from edx_api_doc_tools import make_docs_urls
 from edx_django_utils.plugins import get_plugin_url_patterns
-from ratelimitbackend import admin
+from django.contrib import admin
 from lms.djangoapps.branding import views as branding_views
 from lms.djangoapps.debug import views as debug_views
diff --git a/openedx/core/djangoapps/oauth_dispatch/dot_overrides/backends.py b/openedx/core/djangoapps/oauth_dispatch/dot_overrides/backends.py
index 96f0141d65..d115a3a5ec 100644
--- a/openedx/core/djangoapps/oauth_dispatch/dot_overrides/backends.py
+++ b/openedx/core/djangoapps/oauth_dispatch/dot_overrides/backends.py
@@ -1,20 +1,3 @@
 """
 Custom authentication backends.
 """
-
-
-from django.contrib.auth.backends import AllowAllUsersModelBackend as UserModelBackend
-from ratelimitbackend.backends import RateLimitMixin
-
-
-class EdxRateLimitedAllowAllUsersModelBackend(RateLimitMixin, UserModelBackend):
- """
- Authentication backend needed to incorporate rate limiting of login attempts - but also
- enabling users with is_active of False in the Django auth_user model to still authenticate.
- This is necessary for mobile users using 3rd party auth who have not activated their accounts,
- Inactive users who use 1st party auth (username/password auth) will still fail login attempts,
- just at a higher layer, in the login_user view.
-
- See: https://openedx.atlassian.net/browse/TNL-4516
- """
- pass # lint-amnesty, pylint: disable=unnecessary-pass