From a865b62efc0f7025f789f4413a03ccacd57db7bb Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 9 Dec 2017 14:20:02 +0100
Subject: Rate limit by user instead of IP when API user is authenticated
 (#5923)

* Fix #668 - Rate limit by user instead of IP when API user is authenticated

* Fix code style issue

* Use request decorator provided by Doorkeeper
---
 app/controllers/concerns/rate_limit_headers.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/concerns/rate_limit_headers.rb b/app/controllers/concerns/rate_limit_headers.rb
index 36cb91075..ac9b58f5d 100644
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@@ -44,7 +44,8 @@ module RateLimitHeaders
   end
 
   def api_throttle_data
-    request.env['rack.attack.throttle_data']['api']
+    request.env['rack.attack.throttle_data']['throttle_authenticated_api'] ||
+      request.env['rack.attack.throttle_data']['throttle_unauthenticated_api']
   end
 
   def request_time
-- 
cgit