FIX: Incorrect rate limit applied to topics invitation flow.
parent
5a462b930d
commit
947b6fdf46
|
@ -477,15 +477,6 @@ class TopicsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def invite
|
def invite
|
||||||
unless guardian.is_staff?
|
|
||||||
RateLimiter.new(
|
|
||||||
current_user,
|
|
||||||
"topic-invitations-per-day",
|
|
||||||
SiteSetting.max_topic_invitations_per_day,
|
|
||||||
1.day.to_i
|
|
||||||
).performed!
|
|
||||||
end
|
|
||||||
|
|
||||||
topic = Topic.find_by(id: params[:topic_id])
|
topic = Topic.find_by(id: params[:topic_id])
|
||||||
raise Discourse::InvalidParameters.new unless topic
|
raise Discourse::InvalidParameters.new unless topic
|
||||||
|
|
||||||
|
|
|
@ -802,6 +802,8 @@ SQL
|
||||||
|
|
||||||
true
|
true
|
||||||
elsif username_or_email =~ /^.+@.+$/ && Guardian.new(invited_by).can_invite_via_email?(self)
|
elsif username_or_email =~ /^.+@.+$/ && Guardian.new(invited_by).can_invite_via_email?(self)
|
||||||
|
rate_limit_topic_invitation(invited_by)
|
||||||
|
|
||||||
if target_user
|
if target_user
|
||||||
Invite.extend_permissions(self, target_user, invited_by)
|
Invite.extend_permissions(self, target_user, invited_by)
|
||||||
|
|
||||||
|
@ -815,7 +817,10 @@ SQL
|
||||||
end
|
end
|
||||||
|
|
||||||
true
|
true
|
||||||
elsif target_user && topic_allowed_users.create!(user_id: target_user.id)
|
elsif target_user &&
|
||||||
|
rate_limit_topic_invitation(invited_by) &&
|
||||||
|
topic_allowed_users.create!(user_id: target_user.id)
|
||||||
|
|
||||||
create_invite_notification!(
|
create_invite_notification!(
|
||||||
target_user,
|
target_user,
|
||||||
Notification.types[:invited_to_topic],
|
Notification.types[:invited_to_topic],
|
||||||
|
@ -1296,6 +1301,17 @@ SQL
|
||||||
}.to_json
|
}.to_json
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def rate_limit_topic_invitation(invited_by)
|
||||||
|
RateLimiter.new(
|
||||||
|
invited_by,
|
||||||
|
"topic-invitations-per-day",
|
||||||
|
SiteSetting.max_topic_invitations_per_day,
|
||||||
|
1.day.to_i
|
||||||
|
).performed!
|
||||||
|
|
||||||
|
true
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# == Schema Information
|
# == Schema Information
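Review bot: The limiter now runs only after `target_user` resolves (the `elsif target_user &&` hunk) or after the e-mail pattern and `can_invite_via_email?` have passed, so invite requests that fail those checks are no longer counted, whereas the removed controller block counted every non-staff call before the topic lookup. If failed or invalid invite attempts should still be throttled, that needs to be covered elsewhere; please confirm this is intended. `rate_limit_topic_invitation` also shows no staff exemption like the removed `unless guardian.is_staff?`; presumably `RateLimiter` handles that internally, but it is not visible here and is worth confirming. Chaining a side-effecting call that always returns `true` inside the `elsif` condition hides the fact that it raises, so I would add a comment on the helper such as `# Raises RateLimiter::LimitExceeded when over the limit; returns true only so it can be chained in a condition.`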
|
||||||
|
|
|
@ -469,6 +469,35 @@ describe Topic do
|
||||||
let(:topic) { Fabricate(:topic, user: user) }
|
let(:topic) { Fabricate(:topic, user: user) }
|
||||||
let(:another_user) { Fabricate(:user) }
|
let(:another_user) { Fabricate(:user) }
|
||||||
|
|
||||||
|
context 'rate limits' do
|
||||||
|
before do
|
||||||
|
SiteSetting.max_topic_invitations_per_day = 2
|
||||||
|
RateLimiter.enable
|
||||||
|
end
|
||||||
|
|
||||||
|
after do
|
||||||
|
RateLimiter.clear_all!
|
||||||
|
RateLimiter.disable
|
||||||
|
end
|
||||||
|
|
||||||
|
it "rate limits topic invitations" do
|
||||||
|
|
||||||
|
start = Time.now.tomorrow.beginning_of_day
|
||||||
|
freeze_time(start)
|
||||||
|
|
||||||
|
user = Fabricate(:user)
|
||||||
|
trust_level_2 = Fabricate(:user, trust_level: 2)
|
||||||
|
topic = Fabricate(:topic, user: trust_level_2)
|
||||||
|
|
||||||
|
topic.invite(topic.user, user.username)
|
||||||
|
topic.invite(topic.user, "walter@white.com")
|
||||||
|
|
||||||
|
expect {
|
||||||
|
topic.invite(topic.user, "user@example.com")
|
||||||
|
}.to raise_error(RateLimiter::LimitExceeded)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'when username_or_email is not valid' do
|
describe 'when username_or_email is not valid' do
|
||||||
it 'should return the right value' do
|
it 'should return the right value' do
|
||||||
expect do
|
expect do
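Review bot: The over-limit assertion only drives the e-mail branch (`"user@example.com"`), so the username branch, where the limiter is chained in front of `topic_allowed_users.create!`, is never shown to raise before the row is written. A further example that uses an existing username as the third invite and checks that no allowed-user record was added would pin that ordering. The locals `user` and `topic` also shadow the `let(:topic)` visible just above the new context (and presumably a `let(:user)` outside the hunk); distinct names such as `invitee` would read more clearly. The enclosing `describe` block starts outside the hunk.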
|
||||||
|
|