D5175.1775200548.diff

diff --git a/src/app/Http/Controllers/API/V4/PolicyController.php b/src/app/Http/Controllers/API/V4/PolicyController.php
--- a/src/app/Http/Controllers/API/V4/PolicyController.php
+++ b/src/app/Http/Controllers/API/V4/PolicyController.php
@@ -6,6 +6,7 @@
use App\Policy\Mailfilter\RequestHandler as Mailfilter;
use App\Policy\RateLimit;
use App\Policy\RateLimitWhitelist;
+use App\Transaction;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;
@@ -160,11 +161,17 @@
return response()->json(['response' => 'DUNNO'], 200);
}
- // exempt owners that have made at least two payments and currently maintain a positive balance.
+ // exempt owners that currently maintain a positive balance and made any payments.
+ // Because there might be users that pay via external methods (and don't have Payment records)
+ // we can't check only the Payments table. Instead we assume that a credit/award transaction
+ // is enough to consider the user a "paying user" for purpose of the rate limit.
if ($wallet->balance > 0) {
- $payments = $wallet->payments()->where('amount', '>', 0)->where('status', 'paid');
+ $isPayer = $wallet->transactions()
+ ->whereIn('type', [Transaction::WALLET_AWARD, Transaction::WALLET_CREDIT])
+ ->where('amount', '>', 0)
+ ->exists();
- if ($payments->count() >= 2) {
+ if ($isPayer) {
return response()->json(['response' => 'DUNNO'], 200);
}
}
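Review bot: The new `whereIn('type', [Transaction::WALLET_AWARD, Transaction::WALLET_CREDIT])` plus `exists()` makes the exemption fire on a single positive credit or award, which is a weaker condition than the two paid payments it replaces: nothing in the query ties the transaction to money actually received, and the updated test obtains the 200 with `$wallet->award(1111)` alone, so an award-funded account with a positive balance is treated as a paying user for this rate limit. The comment explains the external-payer motivation but not that awards count; if that is the intended trade-off, say so, e.g. `// NOTE: awards (not only credits) also qualify, so an awarded balance lifts the rate limit as well.` If it is not intended, narrowing the `whereIn` to `Transaction::WALLET_CREDIT` keeps the external-payer case while leaving awards out; the `$wallet->balance > 0` guard above still applies either way. The enclosing method starts before this hunk.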
diff --git a/src/tests/Feature/Stories/RateLimitTest.php b/src/tests/Feature/Stories/RateLimitTest.php
--- a/src/tests/Feature/Stories/RateLimitTest.php
+++ b/src/tests/Feature/Stories/RateLimitTest.php
@@ -2,13 +2,12 @@
namespace Tests\Feature\Stories;
-use App\Payment;
use App\Policy\RateLimit;
+use App\Transaction;
use Illuminate\Support\Facades\DB;
use Tests\TestCase;
/**
- * @group slow
* @group data
* @group ratelimit
*/
@@ -21,12 +20,12 @@
$this->setUpTest();
$this->useServicesUrl();
- Payment::query()->delete();
+ Transaction::query()->delete();
}
public function tearDown(): void
{
- Payment::query()->delete();
+ Transaction::query()->delete();
parent::tearDown();
}
@@ -163,25 +162,6 @@
{
$wallet = $this->publicDomainUser->wallets()->first();
- // Ensure there are no payments for the wallet
- Payment::where('wallet_id', $wallet->id)->delete();
-
- $payment = [
- 'id' => \App\Utils::uuidInt(),
- 'status' => Payment::STATUS_PAID,
- 'type' => Payment::TYPE_ONEOFF,
- 'description' => 'Paid in March',
- 'wallet_id' => $wallet->id,
- 'provider' => 'stripe',
- 'amount' => 1111,
- 'credit_amount' => 1111,
- 'currency_amount' => 1111,
- 'currency' => 'CHF',
- ];
-
- Payment::create($payment);
- $wallet->credit(1111);
-
$request = [
'sender' => $this->publicDomainUser->email,
'recipients' => ['someone@test.domain']
@@ -200,12 +180,10 @@
$response = $this->post('api/webhooks/policy/ratelimit', $request);
$response->assertStatus(403);
- // create a second payment
- $payment['id'] = \App\Utils::uuidInt();
- Payment::create($payment);
+ // create a credit transaction
$wallet->credit(1111);
- // the tenth request should now be allowed
+ // the next request should now be allowed
$response = $this->post('api/webhooks/policy/ratelimit', $request);
$response->assertStatus(200);
}
@@ -217,9 +195,6 @@
{
$wallet = $this->publicDomainUser->wallets()->first();
- // Ensure there are no payments for the wallet
- Payment::where('wallet_id', $wallet->id)->delete();
-
$wallet->discount()->associate(\App\Discount::where('description', 'Free Account')->first());
$wallet->save();
@@ -282,25 +257,6 @@
{
$wallet = $this->publicDomainUser->wallets()->first();
- // Ensure there are no payments for the wallet
- Payment::where('wallet_id', $wallet->id)->delete();
-
- $payment = [
- 'id' => \App\Utils::uuidInt(),
- 'status' => Payment::STATUS_PAID,
- 'type' => Payment::TYPE_ONEOFF,
- 'description' => 'Paid in March',
- 'wallet_id' => $wallet->id,
- 'provider' => 'stripe',
- 'amount' => 1111,
- 'credit_amount' => 1111,
- 'currency_amount' => 1111,
- 'currency' => 'CHF',
- ];
-
- Payment::create($payment);
- $wallet->credit(1111);
-
$request = [
'sender' => $this->publicDomainUser->email,
'recipients' => []
@@ -330,10 +286,7 @@
$response->assertStatus(403);
- $payment['id'] = \App\Utils::uuidInt();
-
- Payment::create($payment);
- $wallet->credit(1111);
+ $wallet->award(1111);
// the tenth request should now be allowed
$response = $this->post('api/webhooks/policy/ratelimit', $request);
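Review bot: The comment `// the tenth request should now be allowed` after the new `$wallet->award(1111);` still describes the old payment-count flow, while the parallel spot earlier in this file was updated to `// the next request should now be allowed`; changing it the same way keeps the two tests consistent with the credit/award condition they now exercise. The enclosing test method starts before this hunk.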
@@ -426,25 +379,6 @@
{
$wallet = $this->domainOwner->wallets()->first();
- // Ensure there are no payments for the wallet
- Payment::where('wallet_id', $wallet->id)->delete();
-
- $payment = [
- 'id' => \App\Utils::uuidInt(),
- 'status' => Payment::STATUS_PAID,
- 'type' => Payment::TYPE_ONEOFF,
- 'description' => 'Paid in March',
- 'wallet_id' => $wallet->id,
- 'provider' => 'stripe',
- 'amount' => 1111,
- 'credit_amount' => 1111,
- 'currency_amount' => 1111,
- 'currency' => 'CHF',
- ];
-
- Payment::create($payment);
- $wallet->credit(1111);
-
$request = [
'sender' => $this->domainOwner->email,
'recipients' => []
@@ -473,9 +407,7 @@
$response = $this->post('api/webhooks/policy/ratelimit', $request);
$response->assertStatus(403);
- // create a second payment
- $payment['id'] = \App\Utils::uuidInt();
- Payment::create($payment);
+ $wallet->credit(1111);
$response = $this->post('api/webhooks/policy/ratelimit', $request);
$response->assertStatus(200);
