0004-more-determinism-in-ratelimit-tests.patch

Benjamin Dauvergne, 23 janvier 2020 01:33

Voir les différences: en ligne côte à côte

Subject: [PATCH 4/4] more determinism in ratelimit tests

 tests/test_idp_oidc.py | 65 ++++++++++++++----------------------------
 1 file changed, 22 insertions(+), 43 deletions(-)

         assert len(response.json['results']) == count
     def test_resource_owner_password_credential_grant(app, oidc_client, admin, simple_user):
     def test_credentials_grant(app, oidc_client, admin, simple_user):
         cache.clear()
         oidc_client.authorization_flow = OIDCClient.FLOW_RESOURCE_OWNER_CRED
         oidc_client.scope = 'openid'
-...
         assert all(claims.values())
     def test_resource_owner_password_credential_grant_ratelimitation_invalid_client(
             app, oidc_client, admin, simple_user, oidc_settings):
     def test_credentials_grant_ratelimitation_invalid_client(
             app, oidc_client, admin, simple_user, oidc_settings, freezer):
         freezer.move_to('2020-01-01')
         cache.clear()
         oidc_client.authorization_flow = OIDCClient.FLOW_RESOURCE_OWNER_CRED
         oidc_client.save()
-...
             'username': simple_user.username,
             'password': simple_user.username,
+        }
         attempts = 0
         dummy_post = RequestFactory().post('/dummy')
         while attempts < 1000:
             attempts += 1
             ratelimited = is_ratelimited(
                 request=dummy_post, group='test-ro-cred-grant', increment=True,
                 key=lambda x, y: '127.0.0.1',
                 rate=oidc_settings.A2_IDP_OIDC_PASSWORD_GRANT_RATELIMIT)
         for i in range(int(oidc_settings.A2_IDP_OIDC_PASSWORD_GRANT_RATELIMIT.split('/')[0])):
             response = app.post(token_url, params=params, status=400)
             if not ratelimited:
                 assert response.json['error'] == 'invalid_client'
                 assert 'client authentication failed' in response.json['error_description']
                 continue
             else:
                 assert response.json['error'] == 'invalid_request'
                 assert 'reached rate limitation' in response.json['error_description']
                 break
         if not ratelimited:
             assert 0
             assert response.json['error'] == 'invalid_client'
             assert 'client authentication failed' in response.json['error_description']
         response = app.post(token_url, params=params, status=400)
         assert response.json['error'] == 'invalid_request'
         assert 'reached rate limitation' in response.json['error_description']
     def test_credentials_grant_ratelimitation_valid_client(
             app, oidc_client, admin, simple_user, oidc_settings):
             app, oidc_client, admin, simple_user, oidc_settings, freezer):
         freezer.move_to('2020-01-01')
         cache.clear()
         oidc_client.authorization_flow = OIDCClient.FLOW_RESOURCE_OWNER_CRED
         oidc_client.save()
-...
             'username': simple_user.username,
             'password': simple_user.username,
+        }
         attempts = 0
         dummy_post = RequestFactory().post('/dummy')
         while attempts < 1000:
             before = now()
             attempts += 1
             ratelimited = is_ratelimited(
                     request=dummy_post, group='test-ro-cred-grant', increment=True,
                     key=lambda x, y: oidc_client.client_id,
                     rate=oidc_settings.A2_IDP_OIDC_PASSWORD_GRANT_RATELIMIT)
             if ratelimited:
                 response = app.post(token_url, params=params, status=400)
                 assert response.json['error'] == 'invalid_request'
                 assert 'reached rate limitation' in response.json['error_description']
                 break
             else:
                 response = app.post(token_url, params=params)
         if not ratelimited:
             assert 0
         for i in range(int(oidc_settings.A2_IDP_OIDC_PASSWORD_GRANT_RATELIMIT.split('/')[0])):
             app.post(token_url, params=params)
         response = app.post(token_url, params=params, status=400)
         assert response.json['error'] == 'invalid_request'
         assert 'reached rate limitation' in response.json['error_description']
     def test_credentials_grant_retrytimout(
             app, oidc_client, admin, simple_user, settings, freezer):
         freezer.move_to('2020-01-01')
         cache.clear()
         settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION = 2
         oidc_client.authorization_flow = OIDCClient.FLOW_RESOURCE_OWNER_CRED
-...
                 assert 'too many attempts with erroneous RO password' in response.json['error_description']
         # freeze some time after backoff delay expiration
         today = datetime.date.today()
         dayafter = today + datetime.timedelta(days=2)
         freezer.move_to(dayafter.strftime('%Y-%m-%d'))
         freezer.move_to(datetime.timedelta(days=2))
         # obtain a successful login
         params['password'] = simple_user.username
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0004-more-determinism-in-ratelimit-tests.patch