Added throttling to token generation (Closes #48)

[demestav]

As the #48 issue describes, it is beneficial to optionally throttle the token generation, to prevent accidental or malicious abuse of the token delivery medium.

The current state of this pull request is functional but not fully tested. If the maintainer sees some value to this, I could use some feedback to finalize this.

[psagers]

Looks like a good start.

If the interaction between GenerationThrottlingMixin and SideChannelDevice gets complicated, it might worth considering whether singledispatch could be used to cut through some of the MRO subtleties.

[demestav]

Thank you for the quick response and feedback. I will respond to each comment in their respective dialog.

If the interaction between GenerationThrottlingMixin and SideChannelDevice gets complicated, it might worth considering whether singledispatch could be used to cut through some of the MRO subtleties.

Let's see how it turns out with the Mixin, and we reconsider.

[psagers]

Is generate_token guaranteed to exist on all devices? This appears to be a secret dependency on SideChannelDevice.

[demestav]

This should be resolved now.

[psagers]

I'll take another look at this once it includes documentation and test coverage.

[demestav]

I'll take another look at this once it includes documentation and test coverage.

I will re-request a review once I have something ready.

[demestav]

Had to rebase to resolve conflicts with master. Re-requesting review. @psagers Are you interested in proceeding with this?

[psagers]

Structurally, this is looking pretty solid. I added a few suggestions for fixes and cleanup. And of course there's still the documentation.

Remember to run hatch run check (and, if necessary, hatch run fix) before checking in.

[psagers]

Should dt_now be self.last_generated_timestamp here?

[demestav]

Indeed! I have corrected it (dbc3fb5) and added a test for the message as well.

[psagers]

It looks like this is based on ThrottlingTestMixin, which makes sense. However, it's asserting on len(mail.outbox), which is email-specific. This will presumably need at least one abstract method to actually be generic.

[demestav]

I agree. I have added generic tests and moved email specific tests to the email test file (29ebe3e).

[psagers]

This test should work in practice as-is, but would it make sense to use this context for the entire method body? The point is to control time for the whole sequence of operations.

[demestav]

Yes, it makes perfect sense. I have corrected this in all tests (29ebe3e).

[psagers]

This method is now doing two big things. Perhaps it's time to move the body of if generate_allowed: into a private method for clarity. See https://github.com/django-otp/django-otp-twilio/blob/9e1aab519c926a3d281292d549ce2040c821fe1a/src/otp_twilio/models.py#L55, e.g.

[demestav]

Created a private method for that part (dbe61d7).

[demestav]

Remember to run hatch run check (and, if necessary, hatch run fix) before checking in.

Yes, sorry about that, will do.

I added a few suggestions for fixes and cleanup.

Thank you for the feedback. I believe I have addressed all open issues and commented on relevant conversations above.

And of course there's still the documentation.

I used ThrottlingMixin as a guide and replicated for this Mixin. I was not sure whether generate_is_allowed should be listed in "members" in the "Helpers" sections.

Please note

• I have renamed the feature as Cooldown to avoid reusing the word "Throttling" which is used in the ThrottlingMixin and to shorten the name a bit. I believe CooldownMixin is a more appropriate name for this feature.
• I have set the default value for email cooldown to 60 seconds.

[psagers]

Almost there, I think. There's a critical bug in the email integration making it a noop. Also, liberal use of self.device.refresh_from_db() or equivalent in the tests will allow them to catch these sorts of bugs.

[psagers]

This never gets saved. As importantly, the tests aren't catching this (see companion note in the tests).

(Hint: try swapping these two lines. Adding the technically redundant commit=True will help to highlight the fact that you're relying on generate_token to save the model instance for you.)

[demestav]

There's a critical bug in the email integration

Indeed, I missed this. I have added cooldown_set method to the mixin to keep it consistent, and updated the email integration code.

liberal use of self.device.refresh_from_db() or equivalent in the tests will allow them to catch these sorts of bugs.

I have updated the tests.

[psagers]

Looks like it's ready. Thanks for all the work.

[demestav]

Looks like it's ready. Thanks for all the work.

I am glad we got this through! Thank you for your valuable feedback and patience.

@psagers I know this is merged now, but it occurred to me that maybe the default value for OTP_EMAIL_COOLDOWN_DURATION should have been 0 in order to disable the cooldown feature by default? The reason I am suggesting this, is that people that are already using the email plugin, and upgrade, and they are unware of this feature, they will unintentionally activate cooldown which might affect how their application works.

[psagers]

I considered that, although OTP_EMAIL_THROTTLE_FACTOR also has a default value, so it's consistent. 60 seconds isn't a very aggressive cooldown and I noted the new behavior in the changelog, so erring on the side of safety seems reasonable here.