Merge pull request #73 from edx/peter-fogg/anonymous-rate-limiting

Allow rate-limiting for anonymous users.

course_discovery/apps/core/tests/test_throttles.py

@@ -15,7 +15,7 @@ class RateLimitingTest(APITestCase):
 
     def setUp(self):
         super(RateLimitingTest, self).setUp()
-        self.url = reverse('api:v1:catalog-list')
+        self.url = reverse('django.swagger.resources.view')
         self.user = UserFactory()
         self.client.login(username=self.user.username, password=USER_PASSWORD)
 
@@ -48,3 +48,7 @@ class RateLimitingTest(APITestCase):
         self.user.save()
         response = self._make_requests()
         self.assertEqual(response.status_code, 200)
+
+    def test_anonymous_throttling(self):
+        self.client.logout()
+        self.test_rate_limiting()

course_discovery/apps/core/throttles.py

@@ -11,11 +11,12 @@ class OverridableUserRateThrottle(UserRateThrottle):
         user = request.user
         if user.is_superuser:
             return True
-        try:
-            # Override this throttle's rate if applicable
-            user_throttle = UserThrottleRate.objects.get(user=user)
-            self.rate = user_throttle.rate
-            self.num_requests, self.duration = self.parse_rate(self.rate)
-        except UserThrottleRate.DoesNotExist:
-            pass
+        if not user.is_anonymous():
+            try:
+                # Override this throttle's rate if applicable
+                user_throttle = UserThrottleRate.objects.get(user=user)
+                self.rate = user_throttle.rate
+                self.num_requests, self.duration = self.parse_rate(self.rate)
+            except UserThrottleRate.DoesNotExist:
+                pass
         return super(OverridableUserRateThrottle, self).allow_request(request, view)