github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-18 17:02:45 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: rate limit topic invitations

Browse Source
This commit is contained in:
Arpit Jalan 2015-05-13 12:34:05 +05:30
parent 8b77f57acb
commit 4324a157e0
4 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/models/topic.rb
View File

@ -557,12 +557,17 @@ class Topic < ActiveRecord::Base
end end
if username_or_email =~ /^.+@.+$/ && !SiteSetting.enable_sso if username_or_email =~ /^.+@.+$/ && !SiteSetting.enable_sso
# rate limit topic invite
RateLimiter.new(invited_by, "topic-invitations-per-day", SiteSetting.max_topic_invitations_per_day, 1.day.to_i).performed!
# NOTE callers expect an invite object if an invite was sent via email # NOTE callers expect an invite object if an invite was sent via email
invite_by_email(invited_by, username_or_email, group_ids) invite_by_email(invited_by, username_or_email, group_ids)
else else
# invite existing member to a topic # invite existing member to a topic
user = User.find_by_username(username_or_email) user = User.find_by_username(username_or_email)
if user && topic_allowed_users.create!(user_id: user.id) if user && topic_allowed_users.create!(user_id: user.id)
# rate limit topic invite
RateLimiter.new(invited_by, "topic-invitations-per-day", SiteSetting.max_topic_invitations_per_day, 1.day.to_i).performed!
# Notify the user they've been invited # Notify the user they've been invited
user.notifications.create(notification_type: Notification.types[:invited_to_topic], user.notifications.create(notification_type: Notification.types[:invited_to_topic],

1
config/locales/server.en.yml
View File

@ -933,6 +933,7 @@ en:
max_topics_per_day: "Maximum number of topics a user can create per day." max_topics_per_day: "Maximum number of topics a user can create per day."
max_private_messages_per_day: "Maximum number of messages users can create per day." max_private_messages_per_day: "Maximum number of messages users can create per day."
max_invites_per_day: "Maximum number of invites a user can send per day." max_invites_per_day: "Maximum number of invites a user can send per day."
max_topic_invitations_per_day: "Maximum number of topic invitations a user can send per day."
suggested_topics: "Number of suggested topics shown at the bottom of a topic." suggested_topics: "Number of suggested topics shown at the bottom of a topic."
limit_suggested_to_category: "Only show topics from the current category in suggested topics." limit_suggested_to_category: "Only show topics from the current category in suggested topics."

1
config/site_settings.yml
View File

@ -675,6 +675,7 @@ rate_limits:
max_flags_per_day: 20 max_flags_per_day: 20
max_edits_per_day: 30 max_edits_per_day: 30
max_invites_per_day: 10 max_invites_per_day: 10
max_topic_invitations_per_day: 30
max_topics_in_first_day: 5 max_topics_in_first_day: 5
max_replies_in_first_day: 10 max_replies_in_first_day: 10
tl2_additional_likes_per_day_multiplier: 1.5 tl2_additional_likes_per_day_multiplier: 1.5

23
spec/models/topic_spec.rb
View File

@ -371,6 +371,29 @@ describe Topic do
end end
it "rate limits topic invitations" do
SiteSetting.stubs(:max_topic_invitations_per_day).returns(2)
RateLimiter.stubs(:disabled?).returns(false)
RateLimiter.clear_all!
start = Time.now.tomorrow.beginning_of_day
freeze_time(start)
user = Fabricate(:user)
topic = Fabricate(:topic)
freeze_time(start + 10.minutes)
topic.invite(topic.user, user.username)
freeze_time(start + 20.minutes)
topic.invite(topic.user, "walter@white.com")
freeze_time(start + 30.minutes)
expect {
topic.invite(topic.user, "user@example.com")
}.to raise_exception
end
context 'bumping topics' do context 'bumping topics' do