From 1d5a95facb0a5bff9851886ea3d7a59c390e639f Mon Sep 17 00:00:00 2001
From: uzairr
Date: Fri, 9 Apr 2021 15:26:51 +0500
Subject: [PATCH] Add independent ratelimit setting for forms

Currently, login and registration forms and view to log the user in are sharing same ratelimit settings which is causing too much noise while rendering forms.This PR will introduce a separate setting for logistration forms. VAN-436
---
 cms/envs/common.py | 1 +
 lms/envs/common.py | 1 +
 lms/envs/production.py | 3 +++
 lms/envs/test.py | 1 +
 openedx/core/djangoapps/user_authn/views/login_form.py | 2 +-
 5 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/cms/envs/common.py b/cms/envs/common.py
index 6ec831517b..a44715c0ca 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -2368,6 +2368,7 @@ DISABLE_DEPRECATED_SIGNUP_URL = False
 LOGISTRATION_RATELIMIT_RATE = '100/5m'
 LOGISTRATION_PER_EMAIL_RATELIMIT_RATE = '30/5m'
 LOGISTRATION_API_RATELIMIT = '20/m'
+LOGIN_AND_REGISTER_FORM_RATELIMIT = '100/5m'
 RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT = '30/7d'
 RESET_PASSWORD_API_RATELIMIT = '30/7d'
diff --git a/lms/envs/common.py b/lms/envs/common.py
index faf00d0ac1..f7ea356e93 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -4410,6 +4410,7 @@ RATELIMIT_RATE = '120/m'
 LOGISTRATION_RATELIMIT_RATE = '100/5m'
 LOGISTRATION_PER_EMAIL_RATELIMIT_RATE = '30/5m'
 LOGISTRATION_API_RATELIMIT = '20/m'
+LOGIN_AND_REGISTER_FORM_RATELIMIT = '100/5m'
 RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT = '30/7d'
 RESET_PASSWORD_API_RATELIMIT = '30/7d'
diff --git a/lms/envs/production.py b/lms/envs/production.py
index bf32883127..ff0cdd8bc7 100644
--- a/lms/envs/production.py
+++ b/lms/envs/production.py
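Review bot: The new constant is added with no comment saying what it limits, and nothing in the file distinguishes it from LOGISTRATION_RATELIMIT_RATE, whose '100/5m' it duplicates value-for-value. Per the commit message it is meant only for rendering the login/registration forms while credential submission stays on the shared setting, so I would add above the new line `# IP-keyed rate for GET renders of the login/registration forms; the login/registration POST views keep LOGISTRATION_RATELIMIT_RATE (see user_authn/views/login_form.py)`. Note also that only lms/envs/production.py gains an ENV_TOKENS override in this patch; if the CMS production settings mirror that pattern for the other LOGISTRATION_* values, CMS deployments will not be able to tune this one from config, so that file is worth checking.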
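Review bot: With the default set to the same '100/5m' as LOGISTRATION_RATELIMIT_RATE, the split changes nothing until an operator overrides the new setting, which is a reasonable compatibility choice but should be recorded so the noise described in the commit message is not mistaken for already fixed. I would add `# Defaults to the same rate as LOGISTRATION_RATELIMIT_RATE; override LOGIN_AND_REGISTER_FORM_RATELIMIT in config if form renders trip the limit` beside the new line. Because the form views are keyed on whatever the real_ip helper resolves (presumably the client address), any value chosen here should also be weighed against users behind a shared egress address, who all draw from one bucket.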
@@ -601,6 +601,9 @@ MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS = ENV_TOKENS.get(
 ##### LOGISTRATION RATE LIMIT SETTINGS #####
 LOGISTRATION_RATELIMIT_RATE = ENV_TOKENS.get('LOGISTRATION_RATELIMIT_RATE', LOGISTRATION_RATELIMIT_RATE)
 LOGISTRATION_API_RATELIMIT = ENV_TOKENS.get('LOGISTRATION_API_RATELIMIT', LOGISTRATION_API_RATELIMIT)
+LOGIN_AND_REGISTER_FORM_RATELIMIT = ENV_TOKENS.get(
+    'LOGIN_AND_REGISTER_FORM_RATELIMIT', LOGIN_AND_REGISTER_FORM_RATELIMIT
+)
 RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT = ENV_TOKENS.get(
     'RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT', RESET_PASSWORD_TOKEN_VALIDATE_API_RATELIMIT
 )
diff --git a/lms/envs/test.py b/lms/envs/test.py
index 930dae6f3e..9a4101a14f 100644
--- a/lms/envs/test.py
+++ b/lms/envs/test.py
@@ -590,6 +590,7 @@ RATELIMIT_RATE = '2/m'
 LOGISTRATION_RATELIMIT_RATE = '5/5m'
 LOGISTRATION_PER_EMAIL_RATELIMIT_RATE = '6/5m'
 LOGISTRATION_API_RATELIMIT = '5/m'
+LOGIN_AND_REGISTER_FORM_RATELIMIT = '5/5m'
 REGISTRATION_VALIDATION_RATELIMIT = '5/minute'
 REGISTRATION_RATELIMIT = '5/minute'
diff --git a/openedx/core/djangoapps/user_authn/views/login_form.py b/openedx/core/djangoapps/user_authn/views/login_form.py
index 66c4dc8812..3c29df6ddc 100644
--- a/openedx/core/djangoapps/user_authn/views/login_form.py
+++ b/openedx/core/djangoapps/user_authn/views/login_form.py
@@ -130,7 +130,7 @@ def get_login_session_form(request):
 @require_http_methods(['GET'])
 @ratelimit(
     key='openedx.core.djangoapps.util.ratelimit.real_ip',
-    rate=settings.LOGISTRATION_RATELIMIT_RATE,
+    rate=settings.LOGIN_AND_REGISTER_FORM_RATELIMIT,
     method='GET',
     block=True
 )
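Review bot: The value pulled from ENV_TOKENS is handed to the rate-limit decorator without any validation, so a typo such as '100/5' or '100 per 5m' in a deployment's config will, as far as I can tell, only fail when the decorated form view parses the rate — breaking the login/registration page at request time rather than failing startup. The neighbouring LOGISTRATION_* lines share the same exposure, so this is not new, but the new line is the cheapest place for a reminder: `# django-ratelimit rate string '<count>/<period>', e.g. '100/5m'; a malformed value breaks the form views at request time, not at startup`. If hard failure at startup is wanted, a small validator applied to every rate setting in this section would be better than per-setting checks.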
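Review bot: Nothing at the decorator records why this view now has its own rate, so a later reader — or an operator raising LOGIN_AND_REGISTER_FORM_RATELIMIT to silence the noise the commit describes — cannot tell from here whether they are also loosening brute-force protection on credential submission. This hunk changes only the GET-only form view and the diffstat touches no other user_authn file, so the login/registration POST views are presumably still on LOGISTRATION_RATELIMIT_RATE; I would state that in place with `# GET render only; login/registration POSTs are limited separately (LOGISTRATION_RATELIMIT_RATE)` above @ratelimit. The limit is keyed on whatever the real_ip helper resolves, so users behind a shared egress address draw from one bucket, which matters when picking the value. The decorated function's def line falls below the hunk.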