From b2dd53d59934288a06a5122771c6d9b566e6f13e Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Fri, 7 Feb 2020 14:28:22 -0500
Subject: [PATCH] check allowUnlimitedUse when user is empty/null. add trace logging
---
 .../wizard/filters/RateLimitFilter.java | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/wizard-server/src/main/java/org/cobbzilla/wizard/filters/RateLimitFilter.java b/wizard-server/src/main/java/org/cobbzilla/wizard/filters/RateLimitFilter.java
index 1c12e89..3122f5a 100644
--- a/wizard-server/src/main/java/org/cobbzilla/wizard/filters/RateLimitFilter.java
+++ b/wizard-server/src/main/java/org/cobbzilla/wizard/filters/RateLimitFilter.java
@@ -59,10 +59,17 @@ public abstract class RateLimitFilter implements ContainerRequestFilter {
 String key;
 final Principal user = empty(request.getSecurityContext()) ? null : request.getSecurityContext().getUserPrincipal();
 if (!empty(user)) {
- if (allowUnlimitedUse(user, request)) return null;
+ if (allowUnlimitedUse(user, request)) {
+ if (log.isTraceEnabled()) log.trace("getKeys: unlimited use permitted (user="+user+", request.uri=" + request.getUriInfo().getRequestUri().toString() + "), returning null (no keys)");
+ return null;
+ }
 key = user.getName();
- }
- else {
+
+ } else if (allowUnlimitedUse(null, request)) {
+ if (log.isTraceEnabled()) log.trace("getKeys: (empty user) unlimited use permitted (request.uri=" + request.getUriInfo().getRequestUri().toString() + "), returning null (no keys)");
+ return null;
+
+ } else {
 final String token = getToken(request);
 if (!empty(token)) key = token;
 else {
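Review bot: `allowUnlimitedUse` is now called with a null principal in the new `else if (allowUnlimitedUse(null, request))` branch, and nothing in this hunk tells implementers that `user` may be null. RateLimitFilter is abstract, so an existing override that dereferences `user` would presumably throw a NullPointerException on every unauthenticated request, and an override that returns true for null takes anonymous callers out of rate limiting entirely, before any token-based key is derived. I would state that contract on the method, e.g. `@param user the authenticated principal, or null when the request has none; returning true for null exempts unauthenticated requests from rate limiting`. The declaration of allowUnlimitedUse and the start and end of the enclosing method are outside this hunk, so existing overrides need to be checked separately.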
@@ -110,6 +117,9 @@ public abstract class RateLimitFilter implements ContainerRequestFilter {
 log.warn("filter: limit ("+limits.get(i.intValue())+") exceeded for keys: "+StringUtil.toString(keys)+" with url="+request.getUriInfo().getRequestUri().toString());
 }
 throw new WebApplicationException(status(TOO_MANY_REQUESTS));
+
+ } else if (log.isTraceEnabled()) {
+ log.trace("filter: incrementing counter for keys: "+StringUtil.toString(keys)+" with url="+request.getUriInfo().getRequestUri().toString());
 }
 }
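Review bot: The added trace line writes `StringUtil.toString(keys)` for every request that stays under the limit, and the first hunk shows that a key can be the raw value returned by `getToken(request)` when there is no user principal. Unless the part of getKeys outside these hunks transforms that value, a session or API token would be written to the log in clear text; the existing warn line has the same exposure but only fires when a limit is exceeded. I would leave the keys out of the trace message, e.g. `log.trace("filter: incrementing counter with url="+request.getUriInfo().getRequestUri());`, or log a digest of each key instead of the key itself. The enclosing method starts and ends outside this hunk.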