Add an acceptance test for login rate limits, cleanup

This commit is contained in:
Shane Kilkelly 2017-01-16 11:46:59 +00:00
parent 25956d4c62
commit 635b935acc
2 changed files with 37 additions and 1 deletions

View file

@ -19,7 +19,6 @@ module.exports = RateLimiter =
if err? if err?
return callback(err) return callback(err)
allowed = timeLeft == 0 allowed = timeLeft == 0
console.log ">> limit", namespace, k, timeLeft, actionsLeft, ", allowed", allowed
callback(null, allowed) callback(null, allowed)
clearRateLimit: (endpointName, subject, callback) -> clearRateLimit: (endpointName, subject, callback) ->

View file

@ -1,9 +1,11 @@
expect = require("chai").expect expect = require("chai").expect
assert = require("chai").assert
async = require("async") async = require("async")
User = require "./helpers/User" User = require "./helpers/User"
request = require "./helpers/request" request = require "./helpers/request"
settings = require "settings-sharelatex" settings = require "settings-sharelatex"
redis = require "./helpers/redis" redis = require "./helpers/redis"
_ = require 'lodash'
@ -32,6 +34,41 @@ tryLoginThroughRegistrationForm = (user, email, password, callback=(err, respons
}, callback }, callback
describe "LoginRateLimit", ->
before ->
@user = new User()
@badEmail = 'bademail@example.com'
@badPassword = 'badpassword'
it 'should rate limit login attempts after 10 within two minutes', (done) ->
@user.request.get '/login', (err, res, body) =>
async.timesSeries(
15
, (n, cb) =>
@user.getCsrfToken (error) =>
return cb(error) if error?
@user.request.post {
url: "/login"
json:
email: @badEmail
password: @badPassword
}, (err, response, body) =>
cb(null, body?.message?.text)
, (err, results) =>
# ten incorrect-credentials messages, then five rate-limit messages
expect(results.length).to.equal 15
assert.deepEqual(
results,
_.concat(
_.fill([1..10], 'Your email or password is incorrect. Please try again'),
_.fill([1..5], 'This account has had too many login requests. Please wait 2 minutes before trying to log in again')
)
)
done()
)
describe "LoginViaRegistration", -> describe "LoginViaRegistration", ->
before (done) -> before (done) ->