comparison test/test_actions.py @ 7556:273c8c2b5042

fix(api): - issue2551063 - Rest/Xmlrpc interfaces need failed login protection. Failed API login rate limiting with expiring lockout added.
author John Rouillard <rouilj@ieee.org>
date Wed, 19 Jul 2023 20:37:45 -0400
parents 9ca5cbffa0c4
children 978285986b2c
7555:451232f83244 7556:273c8c2b5042
5 from roundup import hyperdb 5 from roundup import hyperdb
6 from roundup.date import Date, Interval 6 from roundup.date import Date, Interval
7 from roundup.cgi.actions import * 7 from roundup.cgi.actions import *
8 from roundup.cgi.client import add_message 8 from roundup.cgi.client import add_message
9 from roundup.cgi.exceptions import Redirect, Unauthorised, SeriousError, FormError 9 from roundup.cgi.exceptions import Redirect, Unauthorised, SeriousError, FormError
10 from roundup.exceptions import Reject 10 from roundup.exceptions import RateLimitExceeded, Reject
11 11
12 from roundup.anypy.cmp_ import NoneAndDictComparable 12 from roundup.anypy.cmp_ import NoneAndDictComparable
13 from time import sleep 13 from time import sleep
14 from datetime import datetime 14 from datetime import datetime
15 15
457 # persists. 457 # persists.
458 for i in range(19): 458 for i in range(19):
459 self.client._error_message = [] 459 self.client._error_message = []
460 self.assertLoginLeavesMessages(['Invalid login']) 460 self.assertLoginLeavesMessages(['Invalid login'])
461 461
462 self.assertRaisesMessage(Reject, LoginAction(self.client).handle, 462 self.assertRaisesMessage(RateLimitExceeded,
463 LoginAction(self.client).handle,
463 'Logins occurring too fast. Please wait: 3 seconds.') 464 'Logins occurring too fast. Please wait: 3 seconds.')
464 465
465 sleep(3) # sleep as requested so we can do another login 466 sleep(3) # sleep as requested so we can do another login
466 self.client._error_message = [] 467 self.client._error_message = []
467 self.assertLoginLeavesMessages(['Invalid login']) # this is expected 468 self.assertLoginLeavesMessages(['Invalid login']) # this is expected
468 469
469 # and make sure we need to wait another three seconds 470 # and make sure we need to wait another three seconds
470 self.assertRaisesMessage(Reject, LoginAction(self.client).handle, 471 self.assertRaisesMessage(RateLimitExceeded,
472 LoginAction(self.client).handle,
471 'Logins occurring too fast. Please wait: 3 seconds.') 473 'Logins occurring too fast. Please wait: 3 seconds.')
472 474
473 def testLoginRateLimitOff(self): 475 def testLoginRateLimitOff(self):
474 ''' Set number of logins to 0 per minute. Verify that 476 ''' Set number of logins to 0 per minute. Verify that
475 we can do 1000 which for manual login might as well be off. 477 we can do 1000 which for manual login might as well be off.
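Review bot: The assertions at new lines 462 and 471 now expect `RateLimitExceeded` where `Reject` was caught before, but nothing in this hunk establishes that `RateLimitExceeded` derives from `Reject`; if it does not, any dispatch code that still catches `Reject` around `LoginAction.handle` will let the limiter's exception escape as an unhandled error rather than a clean rejection. Pinning that contract in the test is cheap, e.g. `self.assertTrue(issubclass(RateLimitExceeded, Reject))` beside the first `assertRaisesMessage`, or a one-line comment stating why no hierarchy is required. The commit title describes REST/XML-RPC lockout, yet this file only exercises the CGI login action, so the API-side behaviour (presumably an HTTP 429 with a Retry-After header matching the "Please wait" interval) is not covered by anything visible here. The enclosing test method begins before this hunk, and `testLoginRateLimitOff` continues past its end.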
