Fix unlimited rate limit on APIs not working for users with settings.

An API with an unlimited rate limit mode was not being applied when a
user had been edited in the admin and had a default rate limit selected.
In this case, the "null" value for the rate_limit_mode at the user-level
was overwriting the "unlimited" value that should have been taking
precedent at the API level.

lib/gatekeeper/middleware/api_key_validator.js

@@ -99,6 +99,13 @@ _.extend(ApiKeyValidatorRequest.prototype, {
         this.request.apiUmbrellaGatekeeper.user = user;
 
         if(user.settings) {
+          // Delete a "null" value for a user-specific rate limit mode, since
+          // we don't want that to overwrite the API-specific settings during
+          // the settings merge.
+          if(user.settings.rate_limit_mode === null) {
+            delete user.settings.rate_limit_mode;
+          }
+
           request.apiUmbrellaGatekeeper.originalUserSettings = cloneDeep(user.settings);
           mergeOverwriteArrays(request.apiUmbrellaGatekeeper.settings, user.settings);
         }

test/server/rate_limiting.js

@@ -740,6 +740,21 @@ describe('ApiUmbrellaGatekeper', function() {
       });
 
       itBehavesLikeUnlimitedRateLimits('/hello', 5);
+
+      describe('user with settings object present, but null rate_limit mode', function() {
+        beforeEach(function setupApiUser(done) {
+          Factory.create('api_user', {
+            settings: {
+              rate_limit_mode: null,
+            }
+          }, function(user) {
+            this.apiKey = user.api_key;
+            done();
+          }.bind(this));
+        });
+
+        itBehavesLikeUnlimitedRateLimits('/hello', 5);
+      });
     });
 
     describe('api specific limits', function() {