From 16ac5126cbc8a1a03b9eaee26a36864eab0087cc Mon Sep 17 00:00:00 2001 From: Eric Mc Sween Date: Thu, 26 Sep 2019 10:15:58 -0400 Subject: [PATCH] Merge pull request #2181 from overleaf/sk-exclude-smoketest-user-from-rate-limits Exclude smokeTest user from rate limits GitOrigin-RevId: 01197ce9971477550e73989067adc631189382b1 --- .../Security/RateLimiterMiddleware.js | 9 ++++++ .../Security/RateLimiterMiddlewareTests.js | 30 +++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/services/web/app/src/Features/Security/RateLimiterMiddleware.js b/services/web/app/src/Features/Security/RateLimiterMiddleware.js index 2701bc9e8b..4212543684 100644 --- a/services/web/app/src/Features/Security/RateLimiterMiddleware.js +++ b/services/web/app/src/Features/Security/RateLimiterMiddleware.js @@ -15,6 +15,7 @@ let RateLimiterMiddleware const RateLimiter = require('../../infrastructure/RateLimiter') const logger = require('logger-sharelatex') const AuthenticationController = require('../Authentication/AuthenticationController') +const settings = require('settings-sharelatex') module.exports = RateLimiterMiddleware = { /* @@ -31,6 +32,14 @@ module.exports = RateLimiterMiddleware = { rateLimit(opts) { return function(req, res, next) { const user_id = AuthenticationController.getLoggedInUserId(req) || req.ip + if ( + settings.smokeTest && + settings.smokeTest.userId && + settings.smokeTest.userId.toString() === user_id.toString() + ) { + // ignore smoke test user + return next() + } const params = (opts.params || []).map(p => req.params[p]) params.push(user_id) let subjectName = params.join(':') diff --git a/services/web/test/unit/src/Security/RateLimiterMiddlewareTests.js b/services/web/test/unit/src/Security/RateLimiterMiddlewareTests.js index fd0b99844f..57c369a8e4 100644 --- a/services/web/test/unit/src/Security/RateLimiterMiddlewareTests.js +++ b/services/web/test/unit/src/Security/RateLimiterMiddlewareTests.js 
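Review bot: The added guard calls `user_id.toString()` before checking that `user_id` is defined; `user_id` is `getLoggedInUserId(req) || req.ip` on the line above, so a request with neither a session user nor a resolvable `req.ip` now throws a TypeError inside the middleware whenever `settings.smokeTest.userId` is configured, instead of falling through to the limiter as before. The exemption also keys on the user id alone, so any session authenticated as the smoke-test account bypasses every endpoint wrapped by `rateLimit`, not just the ones a smoke test exercises — that makes the smoke-test credentials as sensitive as an admin login, which presumably deserves a comment here and a check on where those credentials live. I would hoist the id and compare without dereferencing: `const smokeTestUserId = settings.smokeTest && settings.smokeTest.userId` / `if (smokeTestUserId && user_id != null && String(smokeTestUserId) === String(user_id)) {`, with the comment `// smoke-test user is exempt from ALL rate limits; any session holding its credentials bypasses them too`. The enclosing `rateLimit` closure continues past the end of the hunk.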
@@ -37,6 +37,7 @@ describe('RateLimiterMiddleware', function() { console: console }, requires: { + 'settings-sharelatex': (this.settings = {}), '../../infrastructure/RateLimiter': (this.RateLimiter = {}), 'logger-sharelatex': (this.logger = { warn: sinon.stub() }), '../Authentication/AuthenticationController': this @@ -87,6 +88,35 @@ describe('RateLimiterMiddleware', function() { it('should pass on to next()', function() {}) }) + describe('when smoke test user', function() { + beforeEach(function() { + this.req.session = { + user: { + _id: (this.user_id = 'smoke-test-user-id') + } + } + this.settings.smokeTest = { userId: this.user_id } + this.RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true) + return this.rateLimiter(this.req, this.res, this.next) + }) + + it('should not call the rate limiter backend with the user_id', function() { + this.RateLimiter.addCount + .calledWith({ + endpointName: 'test-endpoint', + timeInterval: 42, + throttle: 12, + subjectName: `${this.project_id}:${this.doc_id}:${this.user_id}` + }) + .should.equal(false) + this.RateLimiter.addCount.callCount.should.equal(0) + }) + + it('should pass on to next()', function() { + return this.next.called.should.equal(true) + }) + }) + describe('when under the rate limit with logged in user', function() { beforeEach(function() { this.req.session = {
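Review bot: The new `describe('when smoke test user')` block only covers the matching case; nothing asserts that a different logged-in user is still counted while `settings.smokeTest.userId` is set, so a regression that made the comparison always true (or that exempted anonymous `req.ip` subjects) would pass this suite. The `calledWith({...}).should.equal(false)` assertion is redundant once `callCount.should.equal(0)` holds, and it depends on `this.project_id`/`this.doc_id` being set outside this hunk; I would drop it and add the sibling case below. The enclosing `describe('RateLimiterMiddleware')` starts and ends outside the hunk.
```javascript
describe('when smoke test user is configured but another user is logged in', function() {
  beforeEach(function() {
    this.req.session = {
      user: {
        _id: (this.user_id = 'some-other-user-id')
      }
    }
    this.settings.smokeTest = { userId: 'smoke-test-user-id' }
    this.RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
    return this.rateLimiter(this.req, this.res, this.next)
  })

  it('should still call the rate limiter backend', function() {
    this.RateLimiter.addCount.callCount.should.equal(1)
  })

  it('should pass on to next()', function() {
    return this.next.called.should.equal(true)
  })
})
```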