From a1c018823d10e03e4b31a83b7983b7ca83ae8426 Mon Sep 17 00:00:00 2001
From: Waheed Ahmed <waheed.ahmed@arbisoft.com>
Date: Thu, 21 May 2020 16:15:57 +0500
Subject: [PATCH] Increase requests limit for logistration rate limit.

---
 common/djangoapps/util/request_rate_limiter.py | 8 ++++++++
 openedx/core/djangoapps/user_authn/views/login_form.py | 4 ++--
 .../user_authn/views/tests/test_logistration.py | 4 ++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/common/djangoapps/util/request_rate_limiter.py b/common/djangoapps/util/request_rate_limiter.py
index 384ac282769..76ed9379932 100644
--- a/common/djangoapps/util/request_rate_limiter.py
+++ b/common/djangoapps/util/request_rate_limiter.py
@@ -101,3 +101,11 @@ class PasswordResetEmailRateLimiter(RequestRateLimiter):
         """
         for key in self.keys_to_check(request):
             self.cache_incr(key)
+
+
+class LoginAndRegisterRateLimiter(RequestRateLimiter):
+    """
+    Rate limiting backend for login and register endpoint which
+    allows 50 requests per IP for every 5 minutes.
+    """
+    requests = 50
diff --git a/openedx/core/djangoapps/user_authn/views/login_form.py b/openedx/core/djangoapps/user_authn/views/login_form.py
index 1322d2eb441..16e61aab291 100644
--- a/openedx/core/djangoapps/user_authn/views/login_form.py
+++ b/openedx/core/djangoapps/user_authn/views/login_form.py
@@ -35,7 +35,7 @@ from student.helpers import get_next_url_for_login_page
 from third_party_auth import pipeline
 from third_party_auth.decorators import xframe_allow_whitelisted
 from util.password_policy_validators import DEFAULT_MAX_PASSWORD_LENGTH
-from util.request_rate_limiter import BadRequestRateLimiter
+from util.request_rate_limiter import LoginAndRegisterRateLimiter
 
 log = logging.getLogger(__name__)
 
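Review bot: The docstring of `LoginAndRegisterRateLimiter` hard-codes both numbers ("50 requests per IP for every 5 minutes") while the class body only sets `requests = 50`; the time window and the per-IP keying are inherited from `RequestRateLimiter`, which is outside the hunk, so the docstring will silently drift if either the attribute or the base class changes. If the base class exposes the window as an attribute, set it explicitly next to `requests` so the whole limit is described in one place, and phrase the docstring relative to the attributes, e.g. `Rate limiter for the login/registration form; allows ``requests`` hits per client IP within the base-class window.` A short why-comment on the choice of 50 would also help, because a per-IP limit on the form page throttles every user behind a shared NAT or proxy egress once the budget is spent. How the client IP is derived (and whether a forwarded-for header is trusted) is not visible here, yet it decides whether this limit is effective or trivially shared.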
@@ -138,7 +138,7 @@ def login_and_registration_form(request, initial_mode="login"):
     """
-    limiter = BadRequestRateLimiter()
+    limiter = LoginAndRegisterRateLimiter()
     if limiter.is_rate_limit_exceeded(request):
         log.warning("Rate limit exceeded in login and registration with initial mode [%s]", initial_mode)
         return HttpResponseForbidden("Rate limit exceeded")
diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py b/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py
index 3c0d4881185..3e83c94015f 100644
--- a/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py
@@ -75,10 +75,10 @@ class LoginAndRegistrationTest(ThirdPartyAuthTestMixin, UrlResetMixin, ModuleSto
     def test_login_and_registration_form_ratelimited(self):
         """
-        Test that login enpoint allow only 30 requests for every 5 minutes.
+        Test that login enpoint allow only 50 requests for every 5 minutes.
         """
         login_url = reverse('signin_user')
-        for i in range(30):
+        for i in range(50):
             response = self.client.get(login_url)
             self.assertEqual(response.status_code, 200)
-- 
GitLab
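Review bot: The rejection path `return HttpResponseForbidden("Rate limit exceeded")` answers a throttled client with 403, which browsers and monitoring treat as an authorization failure rather than a temporary limit; the conventional signal is 429 with a `Retry-After` header, e.g. `response = HttpResponse("Rate limit exceeded", status=429)`, `response["Retry-After"] = "300"`, `return response` (assuming `HttpResponse` is imported in this module and the window is the 5 minutes the new limiter's docstring states), though that is a behaviour change the tests would need to follow. The preceding `log.warning` records only `initial_mode`, so operators cannot tell a single abusive source from a whole shared-IP population hitting the limit; consider logging the key the limiter checked so the event is actionable. Where this limiter's counter is incremented is outside the hunk, and `login_and_registration_form` continues beyond it.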
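Review bot: The rewritten docstring line still reads `Test that login enpoint allow only 50 requests for every 5 minutes.`; since the commit touches it anyway, fix the wording at the same time: `Test that the login endpoint allows only 50 requests for every 5 minutes.` The loop bound `range(50)` and the docstring both repeat the limit independently of `LoginAndRegisterRateLimiter.requests`, so the next tuning of the limit will need the same three-place edit this commit makes; reading the bound from the class attribute (if the test module can import it) would keep the test in step with the limiter. The assertion that the request after the budget is rejected, if present, lies outside the hunk, as does the rest of `test_login_and_registration_form_ratelimited`.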