Merge pull request #27292 from edx/add-separate-ratelimit-var

Add independent ratelimit setting for forms
2021-04-10 14:46:53 +05:00
parent 369713d11e 1d5a95facb
commit 488069f0cf
5 changed files with 7 additions and 1 deletions
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -2368,6 +2368,7 @@ DISABLE_DEPRECATED_SIGNUP_URL = False
 LOGISTRATION_RATELIMIT_RATE = '100/5m'
 LOGISTRATION_PER_EMAIL_RATELIMIT_RATE = '30/5m'
 LOGISTRATION_API_RATELIMIT = '20/m'
+LOGIN_AND_REGISTER_FORM_RATELIMIT = '100/5m'
 RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT = '30/7d'
 RESET_PASSWORD_API_RATELIMIT = '30/7d'

--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -4410,6 +4410,7 @@ RATELIMIT_RATE = '120/m'
 LOGISTRATION_RATELIMIT_RATE = '100/5m'
 LOGISTRATION_PER_EMAIL_RATELIMIT_RATE = '30/5m'
 LOGISTRATION_API_RATELIMIT = '20/m'
+LOGIN_AND_REGISTER_FORM_RATELIMIT = '100/5m'
 RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT = '30/7d'
 RESET_PASSWORD_API_RATELIMIT = '30/7d'

--- a/lms/envs/production.py
+++ b/lms/envs/production.py
@@ -601,6 +601,9 @@ MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS = ENV_TOKENS.get(
 ##### LOGISTRATION RATE LIMIT SETTINGS #####
 LOGISTRATION_RATELIMIT_RATE = ENV_TOKENS.get('LOGISTRATION_RATELIMIT_RATE', LOGISTRATION_RATELIMIT_RATE)
 LOGISTRATION_API_RATELIMIT = ENV_TOKENS.get('LOGISTRATION_API_RATELIMIT', LOGISTRATION_API_RATELIMIT)
+LOGIN_AND_REGISTER_FORM_RATELIMIT = ENV_TOKENS.get(
+    'LOGIN_AND_REGISTER_FORM_RATELIMIT', LOGIN_AND_REGISTER_FORM_RATELIMIT
+)
 RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT = ENV_TOKENS.get(
    'RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT', RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT
 )
--- a/lms/envs/test.py
+++ b/lms/envs/test.py
@@ -590,6 +590,7 @@ RATELIMIT_RATE = '2/m'
 LOGISTRATION_RATELIMIT_RATE = '5/5m'
 LOGISTRATION_PER_EMAIL_RATELIMIT_RATE = '6/5m'
 LOGISTRATION_API_RATELIMIT = '5/m'
+LOGIN_AND_REGISTER_FORM_RATELIMIT = '5/5m'

 REGISTRATION_VALIDATION_RATELIMIT = '5/minute'
 REGISTRATION_RATELIMIT = '5/minute'
--- a/openedx/core/djangoapps/user_authn/views/login_form.py
+++ b/openedx/core/djangoapps/user_authn/views/login_form.py
@@ -130,7 +130,7 @@ def get_login_session_form(request):
@require_http_methods(['GET'])
@ratelimit(
    key='openedx.core.djangoapps.util.ratelimit.real_ip',
-    rate=settings.LOGISTRATION_RATELIMIT_RATE,
+    rate=settings.LOGIN_AND_REGISTER_FORM_RATELIMIT,
    method='GET',
    block=True
 )