comparison test/test_liveserver.py @ 7151:a9be849d4dd2
disable and fix errors in test_rest_login_rate_limit
The test is testing functionality that doesn't yet exist.
So disable for now.
Also, because origin checks were tightened in rev 72a54826ff4f, add an
Origin header to the OPTIONS requests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 21 Feb 2023 18:07:37 -0500 |
| parents | 72a54826ff4f |
| children | 765222ef4cec |
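--- a/test/test_liveserver.py
+++ b/test/test_liveserver.py
@@ -614,22 +614,30 @@
 print(f.status_code)
 print(f.headers)
 
 self.assertEqual(f.status_code, 404)
 
-def test_rest_login_rate_limit(self):
+def DISABLEtest_rest_login_rate_limit(self):
 """login rate limit applies to api endpoints. Only failure
 logins count though. So log in 10 times in a row
 to verify that valid username/passwords aren't limited.
+
+FIXME: client.py does not implement this. Also need a live
+server instance that has
+
+cls.db.config.WEB_LOGIN_ATTEMPTS_MIN = 4
+
+not 0.
 """
 
 for i in range(10):
 # use basic auth for rest endpoint
 
 f = requests.options(self.url_base() + '/rest/data',
 auth=('admin', 'sekrit'),
-headers = {'content-type': ""}
+headers = {'content-type': "",
+'Origin': "http://localhost:9001",}
 )
 print(f.status_code)
 print(f.headers)
 
 self.assertEqual(f.status_code, 204)
@@ -643,17 +651,21 @@
 for i in range(10):
 # use basic auth for rest endpoint
 
 f = requests.options(self.url_base() + '/rest/data',
 auth=('admin', 'ekrit'),
-headers = {'content-type': ""}
+headers = {'content-type': "",
+'Origin': "http://localhost:9001",}
 )
 print(i, f.status_code)
 print(f.headers)
 print(f.text)
 
-self.assertEqual(f.status_code, 401)
+if (i < 3): # assuming limit is 4.
+self.assertEqual(f.status_code, 401)
+else:
+self.assertEqual(f.status_code, 429)
 
 def test_ims(self):
 ''' retreive the user_utils.js file with old and new
 if-modified-since timestamps.
 '''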
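Review bot: Renaming the method to `DISABLEtest_rest_login_rate_limit` drops the REST login rate-limit check from the run without any trace in the test report, so the missing brute-force protection described in the FIXME is easy to lose track of. Keeping the original name and marking it, for example `@unittest.skip("REST login rate limit not implemented in client.py")` (assuming `unittest` is imported in this file, which `self.assertEqual` suggests), would make it show up as skipped until the feature lands. When it is re-enabled, the `if (i < 3): # assuming limit is 4.` branch should take its threshold from the `WEB_LOGIN_ATTEMPTS_MIN` setting named in the docstring rather than a literal, since whether the fourth failure is the first rejected one cannot be confirmed from this page. The `'Origin': "http://localhost:9001"` value in both `requests.options` calls also looks like it should be derived from `self.url_base()`, so that a port change does not turn into an origin-check failure unrelated to rate limiting. The part of the method between the two loops is outside the visible hunks.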
