From feed07227ba9feb8def161dc127033016c749ac5 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 11 Dec 2017 15:32:29 +0100
Subject: Apply a 25x rate limit by IP even to authenticated requests (#5948)

---
 app/controllers/concerns/rate_limit_headers.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/concerns/rate_limit_headers.rb b/app/controllers/concerns/rate_limit_headers.rb
index ac9b58f5d..b79c558d8 100644
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@@ -44,8 +44,8 @@ module RateLimitHeaders
   end
 
   def api_throttle_data
-    request.env['rack.attack.throttle_data']['throttle_authenticated_api'] ||
-      request.env['rack.attack.throttle_data']['throttle_unauthenticated_api']
+    most_limited_type, = request.env['rack.attack.throttle_data'].min_by { |_, v| v[:limit] }
+    request.env['rack.attack.throttle_data'][most_limited_type]
   end
 
   def request_time
-- 
cgit