From c00aab8ede9add394edc2cbf1bde8985f22e87d6 Mon Sep 17 00:00:00 2001
From: Mateusz Mandera
Date: Fri, 21 Aug 2020 13:28:14 +0200
Subject: [PATCH] rate_limit: Delete code handling impossible cases with request.user. I can find no evidence of it being possible to get an Exception when accessing request.user or for it to be falsy. Django should always set request.user to either a UserProfile (if logged in) or AnonymousUser instance. Thus, this seems to be dead code that's handling cases that can't happen.
---
 zerver/decorator.py | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/zerver/decorator.py b/zerver/decorator.py
index 3a51fad7cb..24990a8a1a 100644
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -787,17 +787,7 @@ def rate_limit(domain: str='api_by_user') -> Callable[[ViewFuncT], ViewFuncT]:
 if client_is_exempt_from_rate_limiting(request):
 return func(request, *args, **kwargs)
- try:
- user = request.user
- except Exception: # nocoverage # See comments below
- # TODO: This logic is not tested, and I'm not sure we are
- # doing the right thing here.
- user = None
-
- if not user: # nocoverage # See comments below
- logging.error("Requested rate-limiting on %s but user is not authenticated!",
- func.__name__)
- return func(request, *args, **kwargs)
+ user = request.user
 if isinstance(user, AnonymousUser): # nocoverage
 # We can only rate-limit logged-in users for now.
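Review bot: The bare `user = request.user` now depends on an invariant that is stated only in the commit message, so the line should carry it, e.g. `# request.user is always set by Django's auth middleware: a UserProfile or AnonymousUser.` With the try/except gone, a request that reaches this decorator without that attribute raises instead of being logged and passed through unthrottled; for a rate limiter that is the safer direction, but it is a behaviour change worth a line in the comment. The `isinstance(user, AnonymousUser)` branch that follows is still marked `# nocoverage` and, judging by its comment, lets unauthenticated requests through without a limit, so a test pinning that path would be the natural follow-up. The body of the wrapper starts and ends outside this hunk, so whether `logging` is still used elsewhere in the file cannot be checked from here.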