mirror of
https://github.com/discourse/discourse.git
synced 2024-11-30 10:05:24 +08:00
a6aada16bd
By hard-coding keys, we are not testing the API key system end to end. This change also makes the specs more resilient to upcoming API key changes
83 lines
1.9 KiB
Ruby
83 lines
1.9 KiB
Ruby
# encoding: UTF-8
|
|
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe 'rate limiter integration' do
|
|
|
|
before do
|
|
RateLimiter.enable
|
|
RateLimiter.clear_all!
|
|
end
|
|
|
|
after do
|
|
RateLimiter.disable
|
|
end
|
|
|
|
it "will rate limit message bus requests once queueing" do
|
|
freeze_time
|
|
|
|
global_setting :reject_message_bus_queue_seconds, 0.1
|
|
|
|
post "/message-bus/#{SecureRandom.hex}/poll", headers: {
|
|
"HTTP_X_REQUEST_START" => "t=#{Time.now.to_f - 0.2}"
|
|
}
|
|
|
|
expect(response.status).to eq(429)
|
|
expect(response.headers['Retry-After']).to be > 29
|
|
end
|
|
|
|
it "will not rate limit when all is good" do
|
|
freeze_time
|
|
|
|
global_setting :reject_message_bus_queue_seconds, 0.1
|
|
|
|
post "/message-bus/#{SecureRandom.hex}/poll", headers: {
|
|
"HTTP_X_REQUEST_START" => "t=#{Time.now.to_f - 0.05}"
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "will clear the token cookie if invalid" do
|
|
name = Auth::DefaultCurrentUserProvider::TOKEN_COOKIE
|
|
|
|
# we try 11 times because the rate limit is 10
|
|
11.times {
|
|
cookies[name] = SecureRandom.hex
|
|
get '/categories.json'
|
|
expect(response.cookies.has_key?(name)).to eq(true)
|
|
expect(response.cookies[name]).to be_nil
|
|
}
|
|
end
|
|
|
|
it 'can cleanly limit requests and sets a Retry-After header' do
|
|
freeze_time
|
|
#request.set_header("action_dispatch.show_exceptions", true)
|
|
|
|
admin = Fabricate(:admin)
|
|
api_key = Fabricate(:api_key, user: admin)
|
|
|
|
global_setting :max_admin_api_reqs_per_key_per_minute, 1
|
|
|
|
get '/admin/api/keys.json', params: {
|
|
api_key: api_key.key,
|
|
api_username: admin.username
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
get '/admin/api/keys.json', params: {
|
|
api_key: api_key.key,
|
|
api_username: admin.username
|
|
}
|
|
|
|
expect(response.status).to eq(429)
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
expect(response.headers['Retry-After']).to eq(60)
|
|
expect(data["extras"]["wait_seconds"]).to eq(60)
|
|
end
|
|
end
|