rate_limit: Fix missing IP rate limiting on confirmation.

Co-authored-by: Alex Vandiver <alexmv@zulip.com>
Tim Abbott 2021-11-04 10:26:53 -07:00 committed by Tim Abbott
parent 48ba2e7cc6
commit 01e2a495fc
2 changed files with 18 additions and 0 deletions


@ -244,6 +244,13 @@ class RateLimitTests(ZulipTestCase):
self.assert_length(outbox, 0)
@rate_limit_rule(1, 5, domain="sends_email_by_ip")
def test_register_account_rate_limiting(self) -> None:
self.do_test_hit_ratelimits(
lambda: self.client_post("/register/", {"email": "new@zulip.com"}),
is_json=False,
)
@rate_limit_rule(1, 5, domain="sends_email_by_ip")
def test_combined_ip_limits(self) -> None:
# Alternate requests to /new/ and /accounts/find/
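Review bot: `test_register_account_rate_limiting` exercises `/register/` only in isolation, so nothing visible here checks that it draws on the same `sends_email_by_ip` budget as the other email-sending endpoints. The comment in `test_combined_ip_limits` still reads `# Alternate requests to /new/ and /accounts/find/`; if `/register/` is meant to share that bucket, adding it to the alternation there would pin the behaviour. It would also help to give the new test a one-line docstring such as `"""POSTs to /register/ from one IP hit the sends_email_by_ip limit."""`. The bodies of `do_test_hit_ratelimits` and `test_combined_ip_limits` are outside the hunk, so the coverage gap is inferred from the comment alone.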

View File

@ -668,6 +668,17 @@ def accounts_home(
if request.method == "POST":
form = HomepageForm(request.POST, realm=realm, from_multiuse_invite=from_multiuse_invite)
if form.is_valid():
try:
rate_limit_request_by_ip(request, domain="sends_email_by_ip")
except RateLimited as e:
assert e.secs_to_freedom is not None
return render(
request,
"zerver/rate_limit_exceeded.html",
context={"retry_after": int(e.secs_to_freedom)},
status=429,
)
email = form.cleaned_data["email"]
try:
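Review bot: The new `rate_limit_request_by_ip` call in `accounts_home` has no comment explaining why it sits inside `if form.is_valid():`, so only POSTs that pass validation are counted against `sends_email_by_ip` and invalid submissions skip the check entirely. If that is deliberate (presumably because only valid submissions go on to send mail), I would record it above the `try:` with `# Count only submissions that will send an email; invalid forms never reach the by-IP limiter.` so a later refactor does not move or drop the check. Separately, `assert e.secs_to_freedom is not None` is doing runtime work: with assertions disabled, a `None` would reach `int()` and turn the intended 429 into a 500. The visible lines pass `retry_after` only to the template, so it is worth confirming whether a `Retry-After` header is set elsewhere. The function body starts and ends outside the hunk.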