Rate limit allow_last_scanned

This commit is contained in:
Tanner Collin 2021-11-28 21:43:24 +00:00
parent 822cb9ec5c
commit 07559714ff
2 changed files with 22 additions and 2 deletions

View File

@ -3,6 +3,7 @@ logger = logging.getLogger(__name__)
from django.contrib.auth.models import User, Group
from django.shortcuts import get_object_or_404
from django.utils.timezone import now
from rest_framework import serializers
from rest_framework.exceptions import ValidationError
from rest_framework.validators import UniqueValidator
@ -10,7 +11,7 @@ from rest_auth.registration.serializers import RegisterSerializer
from rest_auth.serializers import PasswordChangeSerializer, PasswordResetSerializer, PasswordResetConfirmSerializer, LoginSerializer
from rest_auth.serializers import UserDetailsSerializer
import re
import time
import datetime, time
from . import models, fields, utils, utils_ldap, utils_auth, utils_stats
from .. import settings, secrets
@ -236,6 +237,20 @@ class MemberSerializer(serializers.ModelSerializer):
logger.info(msg)
raise ValidationError(dict(discourse_username='Invalid Discourse username.'))
if validated_data.get('allow_last_scanned', None) == True:
changed = validated_data['allow_last_scanned'] != instance.allow_last_scanned
ONE_WEEK = now() - datetime.timedelta(days=7)
if changed and models.HistoryChange.objects.filter(
field='allow_last_scanned',
index__history_user__member__id=instance.id,
index__owner_id=instance.id,
index__history_date__gte=ONE_WEEK,
).count() >= 6:
msg = 'Member allow_last_scanned rate limit exceeded by: ' + instance.first_name + ' ' + instance.last_name
utils.alert_tanner(msg)
logger.info(msg)
raise ValidationError(dict(allow_last_scanned='You\'re doing that too often.'))
return super().update(instance, validated_data)
# admin viewing member details

View File

@ -266,11 +266,16 @@ export function AccountForm(props) {
<Form.Field>
<label>Participate in "Last Scanned" member list?</label>
<Checkbox
<Form.Checkbox
label='Yes, show me'
name='allow_last_scanned'
onChange={handleCheck}
checked={input.allow_last_scanned}
error={error.allow_last_scanned ?
{ content: error.allow_last_scanned, pointing: 'left' }
:
false
}
/>
</Form.Field>