about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-12-09 14:20:02 +0100
committerGitHub <noreply@github.com>2017-12-09 14:20:02 +0100
commita865b62efc0f7025f789f4413a03ccacd57db7bb (patch)
treefd5e9a005e7788b906129ea2f57b480b77a1f056 /app
parent84cebad49d388a807bfc1f09cad825c6b9469883 (diff)
Rate limit by user instead of IP when API user is authenticated (#5923)
* Fix #668 - Rate limit by user instead of IP when API user is authenticated

* Fix code style issue

* Use request decorator provided by Doorkeeper
Diffstat (limited to 'app')
-rw-r--r--app/controllers/concerns/rate_limit_headers.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/concerns/rate_limit_headers.rb b/app/controllers/concerns/rate_limit_headers.rb
index 36cb91075..ac9b58f5d 100644
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@@ -44,7 +44,8 @@ module RateLimitHeaders
   end
 
   def api_throttle_data
-    request.env['rack.attack.throttle_data']['api']
+    request.env['rack.attack.throttle_data']['throttle_authenticated_api'] ||
+      request.env['rack.attack.throttle_data']['throttle_unauthenticated_api']
   end
 
   def request_time