Add support for reduced initial build count for new possible abusing users

If configured, we now check the IP address of the user signing up and, if they are a possible threat, we further reduce their number of allowed maximum builds to the configured value.
2018-04-20 18:01:05 +03:00 · 2018-04-20 18:01:05 +03:00 · 3309daa32e
commit 3309daa32e
parent 8d5e8fc685
7 changed files with 81 additions and 28 deletions
--- a/endpoints/api/organization.py
+++ b/endpoints/api/organization.py
@ -6,7 +6,8 @@ from flask import request

 import features

-from app import billing as stripe, avatar, all_queues, authentication, namespace_gc_queue
+from app import (billing as stripe, avatar, all_queues, authentication, namespace_gc_queue,
+                 ip_resolver)
 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
                           related_user_resource, internal_only, require_user_admin, log_action,
                           show_if, path_param, require_scope, require_fresh_login)
@ -111,9 +112,11 @@ class OrganizationList(ApiResource):
    if features.MAILING and not org_data.get('email'):
      raise request_error(message='Email address is required')

+    is_possible_abuser = ip_resolver.is_ip_possible_threat(request.remote_addr)
    try:
      model.organization.create_organization(org_data['name'], org_data.get('email'), user,
-                                             email_required=features.MAILING)
+                                             email_required=features.MAILING,
+                                             is_possible_abuser=is_possible_abuser)
      return 'Created', 201
    except model.DataModelException as ex:
      raise request_error(exception=ex)