From 72ea1b7d4fffe8b01dcf61aecdf941acd33b7349 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@edx.org>
Date: Thu, 21 May 2020 11:40:47 -0400
Subject: [PATCH] Revert "Increase requests limit for logistration rate limit."

This reverts commit a1c018823d10e03e4b31a83b7983b7ca83ae8426.
---
 common/djangoapps/util/request_rate_limiter.py            | 8 --------
 openedx/core/djangoapps/user_authn/views/login_form.py    | 4 ++--
 .../user_authn/views/tests/test_logistration.py           | 4 ++--
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/common/djangoapps/util/request_rate_limiter.py b/common/djangoapps/util/request_rate_limiter.py
index 76ed9379932..384ac282769 100644
--- a/common/djangoapps/util/request_rate_limiter.py
+++ b/common/djangoapps/util/request_rate_limiter.py
@@ -101,11 +101,3 @@ class PasswordResetEmailRateLimiter(RequestRateLimiter):
         """
         for key in self.keys_to_check(request):
             self.cache_incr(key)
-
-
-class LoginAndRegisterRateLimiter(RequestRateLimiter):
-    """
-    Rate limiting backend for login and register endpoint which
-    allows 50 requests per IP for every 5 minutes.
-    """
-    requests = 50
diff --git a/openedx/core/djangoapps/user_authn/views/login_form.py b/openedx/core/djangoapps/user_authn/views/login_form.py
index 16e61aab291..1322d2eb441 100644
--- a/openedx/core/djangoapps/user_authn/views/login_form.py
+++ b/openedx/core/djangoapps/user_authn/views/login_form.py
@@ -35,7 +35,7 @@ from student.helpers import get_next_url_for_login_page
 from third_party_auth import pipeline
 from third_party_auth.decorators import xframe_allow_whitelisted
 from util.password_policy_validators import DEFAULT_MAX_PASSWORD_LENGTH
-from util.request_rate_limiter import LoginAndRegisterRateLimiter
+from util.request_rate_limiter import BadRequestRateLimiter
 
 log = logging.getLogger(__name__)
 
@@ -138,7 +138,7 @@ def login_and_registration_form(request, initial_mode="login"):
 
     """
 
-    limiter = LoginAndRegisterRateLimiter()
+    limiter = BadRequestRateLimiter()
     if limiter.is_rate_limit_exceeded(request):
         log.warning("Rate limit exceeded in login and registration with initial mode [%s]", initial_mode)
         return HttpResponseForbidden("Rate limit exceeded")
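Review bot: The call site `limiter = BadRequestRateLimiter()` no longer states what threshold guards the login and registration page, and the class name suggests a counter meant for bad requests rather than ordinary page loads. If that limiter's cache keys are shared with other views that use it (not visible in this hunk), every GET of this form spends the same per-address budget, so users behind one shared address could receive the 403 sooner than intended. A comment above the line would record the intent, for example `# Reuses the generic limiter: 30 requests per 5 minutes (see test_login_and_registration_form_ratelimited)`. The warning on the following line logs only `initial_mode`, so including the client address there would make lockouts easier to triage. The body of login_and_registration_form continues outside the hunk.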
diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py b/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py
index 3e83c94015f..3c0d4881185 100644
--- a/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py
@@ -75,10 +75,10 @@ class LoginAndRegistrationTest(ThirdPartyAuthTestMixin, UrlResetMixin, ModuleSto
 
     def test_login_and_registration_form_ratelimited(self):
         """
-        Test that login enpoint allow only 50 requests for every 5 minutes.
+        Test that login enpoint allow only 30 requests for every 5 minutes.
         """
         login_url = reverse('signin_user')
-        for i in range(50):
+        for i in range(30):
             response = self.client.get(login_url)
             self.assertEqual(response.status_code, 200)
 
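Review bot: The literal `30` in `for i in range(30):` duplicates the limiter's threshold, so the test needs a manual edit every time the limit changes, as it did here between 50 and 30. If `BadRequestRateLimiter` inherits the `requests` attribute that the removed subclass overrode, the loop could read `for _ in range(BadRequestRateLimiter.requests):`, which also drops the unused `i`. The docstring keeps its typo; `Test that the login endpoint allows only 30 requests every 5 minutes.` reads correctly. The test body continues past the end of the hunk, so the assertion on the request that exceeds the limit is not visible here.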
-- 
GitLab