Ratelimit for 1/h allow 2 requests

[brunohkbx]

Why this rate is allowing more than one request per hour?

if is_ratelimited(
   request,
   'invites',
   key=lambda group, request: self.kwargs['pk'],
   rate='1/h',
   increment=True
):
   return Response(status=status.HTTP_429_TOO_MANY_REQUESTS)
else:
   SendInviteEmailService(invite).send_email()
   return Response(status=status.HTTP_200_OK)

[22/Mar/2018 01:03:15] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 200 0
[22/Mar/2018 01:03:16] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:03:17] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:13:23] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:13:24] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:33:28] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:33:29] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:43:32] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:43:33] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:43:33] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 429 0
[22/Mar/2018 01:53:36] "POST /api/v1/personal_trainers/1/invites/2/resend_email/ HTTP/1.1" 200 0

[jsocol]

There's a ticket to document this better but this is not surprising behavior. The windows are staggered throughout the hour based on the key so that

1. they don't all expire at once
2. a good actor who tries slightly too soon doesn't get ratelimited indefinitely.

The best description is in the upgrading docs but #120 is about making this more obvious in the docs.

[jsocol]

Please reopen if you're able to reproduce this behavior within an hour after the window reset, though!