Repository: allura Updated Branches: refs/heads/master 612eccae9 -> b3027e3d5
[#8195] Add more test coverage to for rate limiting Project: http://git-wip-us.apache.org/repos/asf/allura/repo Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/b3027e3d Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/b3027e3d Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/b3027e3d Branch: refs/heads/master Commit: b3027e3d593f50e0e24ee63140a44002f63bc61f Parents: 612ecca Author: Kenton Taylor <ktay...@slashdotmedia.com> Authored: Mon Mar 12 12:57:59 2018 -0400 Committer: Kenton Taylor <ktay...@slashdotmedia.com> Committed: Mon Mar 12 12:57:59 2018 -0400 ---------------------------------------------------------------------- Allura/allura/tests/functional/test_discuss.py | 2 +- Allura/allura/tests/test_helpers.py | 34 +++++++++++++++++++- Allura/development.ini | 3 +- .../tests/functional/test_forum.py | 12 ++++++- 4 files changed, 47 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/allura/blob/b3027e3d/Allura/allura/tests/functional/test_discuss.py ---------------------------------------------------------------------- diff --git a/Allura/allura/tests/functional/test_discuss.py b/Allura/allura/tests/functional/test_discuss.py index 50eecd6..5a31272 100644 --- a/Allura/allura/tests/functional/test_discuss.py +++ b/Allura/allura/tests/functional/test_discuss.py @@ -131,7 +131,7 @@ class TestDiscuss(TestDiscussBase): assert submit_spam.call_args[0] == ( 'This is a new post',), submit_spam.call_args[0] - def test_rate_limit(self): + def test_rate_limit_comments(self): with h.push_config(config, **{'allura.rate_limits_per_user': '{"3600": 2}'}): for i in range(0, 2): r = self._make_post('This is a post {}'.format(i)) http://git-wip-us.apache.org/repos/asf/allura/blob/b3027e3d/Allura/allura/tests/test_helpers.py ---------------------------------------------------------------------- diff --git a/Allura/allura/tests/test_helpers.py b/Allura/allura/tests/test_helpers.py index e7ace1c..68dd7e3 100644 --- a/Allura/allura/tests/test_helpers.py +++ b/Allura/allura/tests/test_helpers.py @@ -25,7 +25,7 @@ import time import PIL from mock import Mock, patch from pylons import tmpl_context as c -from nose.tools import eq_, assert_equals +from nose.tools import eq_, assert_equals, assert_raises from IPython.testing.decorators import skipif, module_not_available from datadiff import tools as dd from webob import Request @@ -34,6 +34,7 @@ from ming.orm import ThreadLocalORMSession from jinja2 import Markup from allura import model as M +from allura.lib import exceptions as exc from allura.lib import helpers as h from allura.lib.search import inject_user from allura.lib.security import has_access @@ -613,3 +614,34 @@ def test_slugify(): assert_equals(h.slugify(u'Foo.Bar')[0], 'Foo-Bar') assert_equals(h.slugify(u'Foo.Bar', True)[0], 'Foo.Bar') + +class TestRateLimit(TestCase): + rate_limits = '{"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200}' + key_comment = 'allura.rate_limits_per_user' + + def test(self): + # Keys are number of seconds, values are max number allowed until that time period is reached + with h.push_config(h.tg.config, **{self.key_comment: self.rate_limits}): + now = datetime.utcnow() + + start_date = now - timedelta(seconds=30) + h.rate_limit(self.key_comment, 0, start_date) + with assert_raises(exc.RatelimitError): + h.rate_limit(self.key_comment, 1, start_date) + + start_date = now - timedelta(seconds=61) + h.rate_limit(self.key_comment, 1, start_date) + h.rate_limit(self.key_comment, 2, start_date) + with assert_raises(exc.RatelimitError): + h.rate_limit(self.key_comment, 3, start_date) + + start_date = now - timedelta(seconds=86301) + h.rate_limit(self.key_comment, 19, start_date) + with assert_raises(exc.RatelimitError): + h.rate_limit(self.key_comment, 20, start_date) + + start_date = now - timedelta(seconds=86401) + h.rate_limit(self.key_comment, 21, start_date) + h.rate_limit(self.key_comment, 49, start_date) + with assert_raises(exc.RatelimitError): + h.rate_limit(self.key_comment, 50, start_date) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/allura/blob/b3027e3d/Allura/development.ini ---------------------------------------------------------------------- diff --git a/Allura/development.ini b/Allura/development.ini index 0aa0bcd..a5f6ddf 100644 --- a/Allura/development.ini +++ b/Allura/development.ini @@ -533,7 +533,8 @@ forgemail.domain = .in.localhost ;forgewiki.rate_limits_per_user = {"60": 3, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200} ;forgetracker.rate_limits_per_user = {"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200} ;forgeblog.rate_limits_per_user = {"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200} -;allura.rate_limits_per_user = {"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200} +;allura.rate_limits_per_user = {"60": 1, "120": 3, "900": 5, "1800": 7, "3600": 10, "7200": 15, "86400": 20, "604800": 50, "2592000": 200} +;forgediscussion.rate_limits_per_user = {"3600": 1, "86400": 2, "172800": 4, "604800": 10, "2592000": 25} ; set this to "false" if you are deploying to production and want performance improvements http://git-wip-us.apache.org/repos/asf/allura/blob/b3027e3d/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py ---------------------------------------------------------------------- diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py b/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py index 929fc7f..838aa00 100644 --- a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py +++ b/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py @@ -29,8 +29,9 @@ import pymongo from ming.odm import ThreadLocalORMSession from pylons import tmpl_context as c +from tg import config -from nose.tools import assert_equal, assert_in, assert_not_in, assert_true, assert_false +from nose.tools import assert_equal, assert_in, assert_not_in, assert_true, assert_false, assert_raises import feedparser from allura import model as M @@ -467,6 +468,15 @@ class TestForum(TestController): assert 'noreply' not in n.reply_to_address, n assert 'testfo...@discussion.test.p' in n.reply_to_address, n + def test_new_topic_rate_limit(self): + with h.push_config(config, **{'forgediscussion.rate_limits_per_user': '{"3600": 1}'}): + # first one should succeed + self.test_posting() + + # second should fail + with assert_raises(Exception): + self.test_posting() + def test_notifications_escaping(self): r = self.app.get('/discussion/create_topic/') f = r.html.find(