diff test/test_liveserver.py @ 7151:a9be849d4dd2
disable and fix errors in test_rest_login_rate_limit
The test is testing functionality that doesn't yet exist.
So disable for now.
Also, because origin checks were tightened in rev 72a54826ff4f, add an
Origin header to the OPTIONS requests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 21 Feb 2023 18:07:37 -0500 |
| parents | 72a54826ff4f |
| children | 765222ef4cec |
--- a/test/test_liveserver.py Tue Feb 21 16:42:20 2023 -0500 +++ b/test/test_liveserver.py Tue Feb 21 18:07:37 2023 -0500 @@ -616,10 +616,17 @@ self.assertEqual(f.status_code, 404) - def test_rest_login_rate_limit(self): + def DISABLEtest_rest_login_rate_limit(self): """login rate limit applies to api endpoints. Only failure logins count though. So log in 10 times in a row to verify that valid username/passwords aren't limited. + + FIXME: client.py does not implement this. Also need a live + server instance that has + + cls.db.config.WEB_LOGIN_ATTEMPTS_MIN = 4 + + not 0. """ for i in range(10): @@ -627,7 +634,8 @@ f = requests.options(self.url_base() + '/rest/data', auth=('admin', 'sekrit'), - headers = {'content-type': ""} + headers = {'content-type': "", + 'Origin': "http://localhost:9001",} ) print(f.status_code) print(f.headers) @@ -645,13 +653,17 @@ f = requests.options(self.url_base() + '/rest/data', auth=('admin', 'ekrit'), - headers = {'content-type': ""} + headers = {'content-type': "", + 'Origin': "http://localhost:9001",} ) print(i, f.status_code) print(f.headers) print(f.text) - self.assertEqual(f.status_code, 401) + if (i < 3): # assuming limit is 4. + self.assertEqual(f.status_code, 401) + else: + self.assertEqual(f.status_code, 429) def test_ims(self): ''' retreive the user_utils.js file with old and new
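Review bot: Renaming the method to `DISABLEtest_rest_login_rate_limit` in the first hunk drops it from test collection without leaving any trace in the test report, so the missing coverage for login rate limiting on the REST endpoints is easy to lose sight of. A skip marker with a reason keeps the gap visible in every run, for example `@unittest.skip("REST login rate limit not implemented in client.py")` above the original `def test_rest_login_rate_limit(self):`, assuming `unittest` is importable in this file (its imports are not visible here). The FIXME paragraph added to the docstring can stay as written. The method body continues beyond this hunk.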
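Review bot: The `'Origin': "http://localhost:9001"` entry added to the headers dict in the second hunk repeats a host and port that `self.url_base()` already supplies for the request URL, and the same literal is added again in the third hunk. If the live server's address changes, the URL follows but the Origin does not, and the tightened origin check would presumably reject the request for a reason unrelated to what the test is checking. A single class-level value defined next to the server's port, referenced from both call sites, keeps the two in step; a short comment such as `# Origin must match the tracker's configured web URL or the request is rejected` would also explain why the header is there. The enclosing loop starts outside this hunk.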
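Review bot: The `if (i < 3): # assuming limit is 4.` branch in the third hunk hard-codes a threshold that nothing in the test sets, while the docstring added in the first hunk says the live server runs with `WEB_LOGIN_ATTEMPTS_MIN` at 0 rather than 4. When the test is re-enabled, the 401/429 boundary should come from the same value the fixture configures, e.g. `limit = 4` set once and then `if i < limit - 1:`, so the assertion cannot drift from the server setting. Whether the 429 is expected on the fourth or the fifth failed attempt is not verifiable from this hunk and should be confirmed against the rate limiter once the feature exists. The `for` header of this loop lies outside the hunk.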
