rate_limit: Delete code handling impossible cases with request.user.

I can find no evidence of it being possible to get an Exception when accessing request.user or for it to be falsy. Django should always set request.user to either a UserProfile (if logged in) or AnonymousUser instance. Thus, this seems to be dead code that's handling cases that can't happen.
2025-11-02 21:13:36 +00:00 · 2020-08-21 13:28:14 +02:00
parent 46a86e218e
commit c00aab8ede
1 changed files with 1 additions and 11 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -787,17 +787,7 @@ def rate_limit(domain: str='api_by_user') -> Callable[[ViewFuncT], ViewFuncT]:
            if client_is_exempt_from_rate_limiting(request):
                return func(request, *args, **kwargs)

-            try:
-                user = request.user
-            except Exception:  # nocoverage # See comments below
-                # TODO: This logic is not tested, and I'm not sure we are
-                # doing the right thing here.
-                user = None
-
-            if not user:  # nocoverage # See comments below
-                logging.error("Requested rate-limiting on %s but user is not authenticated!",
-                              func.__name__)
-                return func(request, *args, **kwargs)
+            user = request.user

            if isinstance(user, AnonymousUser):  # nocoverage
                # We can only rate-limit logged-in users for now.