Mercurial > p > roundup > code

view test/test_token.py @ 5717:cad18de2b988

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
issue2550949: Rate limit password guesses/login attempts. Generic rate limit mechanism added. Deployed for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. Uses gcra algorithm so all I need to store is a username and timestamp in the one time key database. This does mean I don't have a list of all failed login attempts as part of the rate limiter. Set up config setting as well so admin can tune the rate. Maybe 1 every 10 seconds is ok at a site with poor typists who need 6 attempts to get the password right 8-). The gcra method can also be used to limit the rest and xmlrpc interfaces if needed. The mechanism I added also supplies a status method that calculates the expected values for http headers returned as part of rate limiting. Also tests added to test all code paths I hope.
author John Rouillard <rouilj@ieee.org>
date Sat, 11 May 2019 17:24:58 -0400
parents 364c54991861
children 6971c9249c6d
line wrap: on
line source

#
# Copyright (c) 2001 Richard Jones
# This module is free software, and you may redistribute it and/or modify
# under the same terms as Python, so long as this copyright message and
# disclaimer are retained in their original form.
#
# This module is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

import unittest, time

from roundup.token import token_split

class TokenTestCase(unittest.TestCase):
    def testValid(self):
        l = token_split('hello world')
        self.assertEqual(l, ['hello', 'world'])

    def testIgnoreExtraSpace(self):
        l = token_split('hello  world ')
        self.assertEqual(l, ['hello', 'world'])

    def testQuoting(self):
        l = token_split('"hello world"')
        self.assertEqual(l, ['hello world'])
        l = token_split("'hello world'")
        self.assertEqual(l, ['hello world'])

    def testEmbedQuote(self):
        l = token_split(r'Roch\'e Compaan')
        self.assertEqual(l, ["Roch'e", "Compaan"])
        l = token_split('address="1 2 3"')
        self.assertEqual(l, ['address=1 2 3'])

    def testEscaping(self):
        l = token_split('"Roch\'e" Compaan')
        self.assertEqual(l, ["Roch'e", "Compaan"])
        l = token_split(r'hello\ world')
        self.assertEqual(l, ['hello world'])
        l = token_split(r'\\')
        self.assertEqual(l, ['\\'])
        l = token_split(r'\n')
        self.assertEqual(l, ['\n'])

    def testBadQuote(self):
        self.assertRaises(ValueError, token_split, '"hello world')
        self.assertRaises(ValueError, token_split, "Roch'e Compaan")

# vim: set filetype=python ts=4 sw=4 et si
Roundup Issue Tracker: http://roundup-tracker.org/