fix: rate limit admin endpoints #2703

Merged
merged 7 commits into from
Oct 18, 2023

@gagantrivedi (Member) commented Aug 30, 2023

TODO

Thanks for submitting a PR! Please check the boxes below:

  • I have run pre-commit to check linting
  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have used a Conventional Commit title for this Pull Request

Changes

Rate limit admin endpoints

How did you test this code?

Adds unit test case

@github-actions github-actions bot added the api Issue related to the REST API label Aug 30, 2023
@matthewelwell (Contributor)

Hmm... yeah, I can't work out what's going on here, but if I add a breakpoint here, I can see that the throttle rate for the "user" scope is being overwritten as 1/minute. I can't quite work out why...

(Pdb) self.cache
<django.core.cache.backends.db.DatabaseCache object at 0x10c094410>
(Pdb) self.get_rate()
'1/minute'
(Pdb) from django.conf import settings
(Pdb) settings.REST_FRAMEWORK
{'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated'], 'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.TokenAuthentication', 'api_keys.authentication.MasterAPIKeyAuthentication'), 'PAGE_SIZE': 10, 'UNICODE_JSON': False, 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', 'DEFAULT_THROTTLE_CLASSES': ['core.throttling.DBBackedUserRateThrottle'], 'DEFAULT_THROTTLE_RATES': {'login': '1/sec', 'mfa_code': '5/min', 'invite': '10/min', 'signup': '1000/min', 'user': '1/minute'}, 'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend'], 'DEFAULT_RENDERER_CLASSES': ['util.renderers.PydanticJSONRenderer', 'rest_framework.renderers.BrowsableAPIRenderer']}
(Pdb) settings.USER_THROTTLE_RATE
'10000/second'

@matthewelwell (Contributor)

Ah, it's because our tests are not stateless! By setting this value here, all subsequent tests receive that value.
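
Added example, not part of the PR conversation or of Flagsmith's code: a standard-library model of the leak described above, where one test overwrites the "user" throttle rate in a shared dict and every later test in the same process sees it. The `UserRateThrottle` class, the `parse_rate` helper and the dict are hypothetical stand-ins for the real Django REST Framework objects; the rate strings are taken from the pdb session.

```python
from unittest import mock

# Constructed stand-in for settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"];
# the "user" value mirrors settings.USER_THROTTLE_RATE in the pdb output.
DEFAULT_THROTTLE_RATES = {"login": "1/sec", "user": "10000/second"}

_PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn '<count>/<period>' into (requests, window_seconds)."""
    count, period = rate.split("/")
    return int(count), _PERIODS[period[0]]


class UserRateThrottle:
    """Hypothetical minimal throttle that reads its rate from the shared dict."""
    scope = "user"
    THROTTLE_RATES = DEFAULT_THROTTLE_RATES  # same object, not a copy

    def get_rate(self):
        return self.THROTTLE_RATES[self.scope]


def leaky_test():
    # Mutates process-wide state and never restores it.
    DEFAULT_THROTTLE_RATES["user"] = "1/minute"
    return UserRateThrottle().get_rate()


def isolated_test():
    # patch.dict puts the original contents back when the block exits.
    with mock.patch.dict(DEFAULT_THROTTLE_RATES, {"user": "1/minute"}):
        return UserRateThrottle().get_rate()


def rate_seen_by_next_test():
    return parse_rate(UserRateThrottle().get_rate())


def demo():
    results = {}
    isolated_test()
    results["after_isolated"] = rate_seen_by_next_test()
    leaky_test()
    results["after_leaky"] = rate_seen_by_next_test()
    # Restore the constructed default so the demo itself does not leak.
    DEFAULT_THROTTLE_RATES["user"] = "10000/second"
    return results
```
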

@codecov-commenter commented Sep 11, 2023

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (5b46cc0) 95.47% compared to head (7eb5e8e) 95.60%.
Report is 87 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2703      +/-   ##
==========================================
+ Coverage   95.47%   95.60%   +0.13%     
==========================================
  Files         986     1009      +23     
  Lines       27709    28904    +1195     
==========================================
+ Hits        26454    27634    +1180     
- Misses       1255     1270      +15     
Files Coverage Δ
api/api_keys/user.py 94.59% <100.00%> (+0.47%) ⬆️
api/app/settings/common.py 88.15% <100.00%> (+0.32%) ⬆️
api/app/settings/test.py 100.00% <ø> (ø)
api/environments/identities/tests/test_views.py 100.00% <100.00%> (ø)
...environments/identities/traits/tests/test_views.py 100.00% <100.00%> (ø)
api/environments/identities/traits/views.py 82.11% <100.00%> (+0.14%) ⬆️
api/environments/identities/views.py 87.17% <100.00%> (+0.11%) ⬆️
api/environments/models.py 95.43% <ø> (+0.02%) ⬆️
api/environments/sdk/views.py 100.00% <100.00%> (ø)
api/features/tests/test_views.py 100.00% <100.00%> (ø)
... and 3 more

... and 59 files with indirect coverage changes


@gagantrivedi gagantrivedi marked this pull request as ready for review October 17, 2023 05:44
@gagantrivedi gagantrivedi merged commit b0ef013 into main Oct 18, 2023
@gagantrivedi gagantrivedi deleted the fix/rate-limit-admin branch October 18, 2023 10:39