mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Add an acceptance test for login rate limits, cleanup
This commit is contained in:
parent
25956d4c62
commit
635b935acc
2 changed files with 37 additions and 1 deletions
|
@ -19,7 +19,6 @@ module.exports = RateLimiter =
|
|||
if err?
|
||||
return callback(err)
|
||||
allowed = timeLeft == 0
|
||||
console.log ">> limit", namespace, k, timeLeft, actionsLeft, ", allowed", allowed
|
||||
callback(null, allowed)
|
||||
|
||||
clearRateLimit: (endpointName, subject, callback) ->
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
expect = require("chai").expect
|
||||
assert = require("chai").assert
|
||||
async = require("async")
|
||||
User = require "./helpers/User"
|
||||
request = require "./helpers/request"
|
||||
settings = require "settings-sharelatex"
|
||||
redis = require "./helpers/redis"
|
||||
_ = require 'lodash'
|
||||
|
||||
|
||||
|
||||
|
@ -32,6 +34,41 @@ tryLoginThroughRegistrationForm = (user, email, password, callback=(err, respons
|
|||
}, callback
|
||||
|
||||
|
||||
describe "LoginRateLimit", ->
|
||||
|
||||
before ->
|
||||
@user = new User()
|
||||
@badEmail = 'bademail@example.com'
|
||||
@badPassword = 'badpassword'
|
||||
|
||||
it 'should rate limit login attempts after 10 within two minutes', (done) ->
|
||||
@user.request.get '/login', (err, res, body) =>
|
||||
async.timesSeries(
|
||||
15
|
||||
, (n, cb) =>
|
||||
@user.getCsrfToken (error) =>
|
||||
return cb(error) if error?
|
||||
@user.request.post {
|
||||
url: "/login"
|
||||
json:
|
||||
email: @badEmail
|
||||
password: @badPassword
|
||||
}, (err, response, body) =>
|
||||
cb(null, body?.message?.text)
|
||||
, (err, results) =>
|
||||
# ten incorrect-credentials messages, then five rate-limit messages
|
||||
expect(results.length).to.equal 15
|
||||
assert.deepEqual(
|
||||
results,
|
||||
_.concat(
|
||||
_.fill([1..10], 'Your email or password is incorrect. Please try again'),
|
||||
_.fill([1..5], 'This account has had too many login requests. Please wait 2 minutes before trying to log in again')
|
||||
)
|
||||
)
|
||||
done()
|
||||
)
|
||||
|
||||
|
||||
describe "LoginViaRegistration", ->
|
||||
|
||||
before (done) ->
|
||||
|
|
Loading…
Reference in a new issue