From 3e018c25889274dcb177abb75d94a7fe63716e5b Mon Sep 17 00:00:00 2001
From: Sam
Date: Sun, 6 Mar 2016 09:51:30 +1100
Subject: [PATCH] FIX: rate limit do/undo on post actions
---
 app/models/post_action.rb | 10 ++++++++++
 spec/models/post_action_spec.rb | 20 ++++++++++++++++++--
 2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/app/models/post_action.rb b/app/models/post_action.rb
index d84c9a808..31f221cc9 100644
--- a/app/models/post_action.rb
+++ b/app/models/post_action.rb
@@ -241,7 +241,14 @@ SQL
 PostCreator.new(user, opts).create.try(:id)
 end

+ def self.limit_action!(user,post,post_action_type_id)
+ RateLimiter.new(user, "post_action-#{post.id}_#{post_action_type_id}", 4, 1.minute).performed!
+ end
+
 def self.act(user, post, post_action_type_id, opts = {})
+
+ limit_action!(user,post,post_action_type_id)
+
 related_post_id = create_message_for_post_action(user, post, post_action_type_id, opts)
 staff_took_action = opts[:take_action] || false

@@ -296,6 +303,9 @@ SQL
 end

 def self.remove_act(user, post, post_action_type_id)
+
+ limit_action!(user,post,post_action_type_id)
+
 finder = PostAction.where(post_id: post.id, user_id: user.id, post_action_type_id: post_action_type_id)
 finder = finder.with_deleted.includes(:post) if user.try(:staff?)
 if action = finder.first
diff --git a/spec/models/post_action_spec.rb b/spec/models/post_action_spec.rb
index 9146ad19e..e7a906bc6 100644
--- a/spec/models/post_action_spec.rb
+++ b/spec/models/post_action_spec.rb
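Review bot: In app/models/post_action.rb, `limit_action!` has no comment saying that `act` and `remove_act` draw from one shared bucket for the passed user, keyed by post and action type and capped at 4 per minute, or that `performed!` is expected to raise once the cap is hit (the new spec relies on that). I would add above the method `# Shared by act and remove_act: at most 4 do/undo calls per user, post and action type per minute; raises when exceeded.` and give `4` and `1.minute` named constants. Because the call is the first statement in both methods, a request that later turns out to be a no-op, such as `remove_act` when `finder.first` is nil, still consumes budget; that looks acceptable for abuse throttling but is worth stating. Both `act` and `remove_act` continue outside their hunks, so any caller that invokes them outside a request cycle presumably needs to handle the new exception as well.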
@@ -12,6 +12,24 @@ describe PostAction do
 let(:second_post) { Fabricate(:post, topic_id: post.topic_id) }
 let(:bookmark) { PostAction.new(user_id: post.user_id, post_action_type_id: PostActionType.types[:bookmark] , post_id: post.id) }

+ describe "rate limits" do
+
+ it "limits redo/undo" do
+
+ RateLimiter.stubs(:disabled?).returns(false)
+
+ PostAction.act(eviltrout, post, PostActionType.types[:like])
+ PostAction.remove_act(eviltrout, post, PostActionType.types[:like])
+ PostAction.act(eviltrout, post, PostActionType.types[:like])
+ PostAction.remove_act(eviltrout, post, PostActionType.types[:like])
+
+ expect {
+ PostAction.act(eviltrout, post, PostActionType.types[:like])
+ }.to raise_error
+
+ end
+ end
+
 describe "messaging" do

 it "doesn't generate title longer than 255 characters" do
@@ -464,8 +482,6 @@ describe PostAction do
 end

 it "prevents user to act twice at the same time" do
- post = Fabricate(:post)
-
 # flags are already being tested
 all_types_except_flags = PostActionType.types.except(PostActionType.flag_types)
 all_types_except_flags.values.each do |action|
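Review bot: The bare `raise_error` in the "limits redo/undo" example passes on any exception, including a NoMethodError from a typo, so it does not prove the limiter fired; pin the class, e.g. `}.to raise_error(RateLimiter::LimitExceeded)`. The example also enables the limiter via `RateLimiter.stubs(:disabled?).returns(false)` with no reset of limiter state visible in this hunk, so counts may leak from or into neighbouring examples if the backing store persists between them. A companion assertion that a different post or action type is still allowed after the limit trips would document the scope of the key.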