From a5056b3fccc818c9e5ab9dbcaeedaf8f97c0251b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
 <acasajus@users.noreply.github.com>
Date: Thu, 27 Oct 2022 13:37:45 +0200
Subject: [PATCH] Fix: Use source ip if user is not authenticated (#1379)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix: Use source ip if user is not authenticated

* Fix lint

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
---
 app/parallel_limiter.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/parallel_limiter.py b/app/parallel_limiter.py
index e288abc0..e71ebef5 100644
--- a/app/parallel_limiter.py
+++ b/app/parallel_limiter.py
@@ -3,6 +3,7 @@ from datetime import timedelta
 from functools import wraps
 from typing import Callable, Any, Optional
 
+from flask import request
 from flask_login import current_user
 from limits.storage import RedisStorage
 from werkzeug import exceptions
@@ -52,7 +53,10 @@ class _InnerLock:
                 return f(*args, **kwargs)
 
             lock_value = str(uuid.uuid4())[:10]
-            lock_name = f"cl:{current_user.id}:{lock_suffix}"
+            if "id" in dir(current_user):
+                lock_name = f"cl:{current_user.id}:{lock_suffix}"
+            else:
+                lock_name = f"cl:{request.remote_addr}:{lock_suffix}"
             self.acquire_lock(lock_name, lock_value)
             try:
                 return f(*args, **kwargs)