2020-11-30 06:13:22 +08:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This file is part of Flarum.
|
|
|
|
*
|
|
|
|
* For detailed copyright and license information, please view the
|
|
|
|
* LICENSE file that was distributed with this source code.
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace Flarum\Tests\integration\extenders;
|
|
|
|
|
|
|
|
use Flarum\Extend;
|
2021-03-08 05:32:41 +08:00
|
|
|
use Flarum\Testing\integration\RetrievesAuthorizedUsers;
|
|
|
|
use Flarum\Testing\integration\TestCase;
|
2020-11-30 06:13:22 +08:00
|
|
|
|
|
|
|
class ThrottleApiTest extends TestCase
|
|
|
|
{
|
|
|
|
use RetrievesAuthorizedUsers;
|
|
|
|
|
2021-01-07 11:34:32 +08:00
|
|
|
/**
|
|
|
|
* @inheritDoc
|
|
|
|
*/
|
|
|
|
protected function setUp(): void
|
2020-11-30 06:13:22 +08:00
|
|
|
{
|
2021-01-07 11:34:32 +08:00
|
|
|
parent::setUp();
|
|
|
|
|
2020-11-30 06:13:22 +08:00
|
|
|
$this->prepareDatabase([
|
|
|
|
'users' => [
|
|
|
|
$this->normalUser(),
|
|
|
|
]
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function list_discussions_not_restricted_by_default()
|
|
|
|
{
|
|
|
|
$response = $this->send($this->request('GET', '/api/discussions', ['authenticatedAs' => 2]));
|
|
|
|
|
|
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function list_discussions_can_be_restricted()
|
|
|
|
{
|
|
|
|
$this->extend((new Extend\ThrottleApi)->set('blockListDiscussions', function ($request) {
|
|
|
|
if ($request->getAttribute('routeName') === 'discussions.index') {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}));
|
2020-12-02 08:33:24 +08:00
|
|
|
|
2020-11-30 06:13:22 +08:00
|
|
|
$response = $this->send($this->request('GET', '/api/discussions', ['authenticatedAs' => 2]));
|
|
|
|
|
|
|
|
$this->assertEquals(429, $response->getStatusCode());
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function false_overrides_true_for_evaluating_throttlers()
|
|
|
|
{
|
2020-12-02 08:33:24 +08:00
|
|
|
$this->extend(
|
|
|
|
(new Extend\ThrottleApi)->set('blockListDiscussions', function ($request) {
|
|
|
|
if ($request->getAttribute('routeName') === 'discussions.index') {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}),
|
|
|
|
(new Extend\ThrottleApi)->set('blockListDiscussionsOverride', function ($request) {
|
|
|
|
if ($request->getAttribute('routeName') === 'discussions.index') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
})
|
|
|
|
);
|
|
|
|
|
2020-11-30 06:13:22 +08:00
|
|
|
$response = $this->send($this->request('GET', '/api/discussions', ['authenticatedAs' => 2]));
|
|
|
|
|
|
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
|
|
}
|
2021-05-11 05:41:38 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
*/
|
|
|
|
public function throttling_applies_to_api_client()
|
|
|
|
{
|
|
|
|
$this->extend((new Extend\ThrottleApi)->set('blockRegistration', function ($request) {
|
|
|
|
if ($request->getAttribute('routeName') === 'users.create') {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}));
|
|
|
|
|
|
|
|
$response = $this->send($this->request('POST', '/register')->withAttribute('bypassCsrfToken', true));
|
|
|
|
|
|
|
|
$this->assertEquals(429, $response->getStatusCode());
|
|
|
|
}
|
2020-11-30 06:13:22 +08:00
|
|
|
}
|