feat(testing): add test for rate limiter
This commit is contained in:
parent
08521077f0
commit
1e6f4f2a14
@ -45,4 +45,51 @@ test.describe("login", () => {
|
||||
await page.waitForLoadState("networkidle")
|
||||
expect(await page.isVisible("text=Incorrect password"))
|
||||
})
|
||||
|
||||
test("should hit the rate limiter for too many unsuccessful logins", options, async ({ page }) => {
|
||||
await page.goto(CODE_SERVER_ADDRESS, { waitUntil: "networkidle" })
|
||||
// Type in password
|
||||
await page.fill(".password", "password123")
|
||||
// Click the submit button and login
|
||||
// The current RateLimiter allows 2 logins per minute plus
|
||||
// 12 logins per hour for a total of 14
|
||||
// See: src/node/routes/login.ts
|
||||
for (let i = 1; i <= 14; i++) {
|
||||
await page.click(".submit")
|
||||
await page.waitForLoadState("networkidle")
|
||||
}
|
||||
|
||||
// The 15th should fail
|
||||
await page.click(".submit")
|
||||
await page.waitForLoadState("networkidle")
|
||||
expect(await page.isVisible("text=Login rate limited!"))
|
||||
})
|
||||
|
||||
// This test takes 8mins to run and is probably not worth adding to our e2e suite
|
||||
// test.only("should not count successful logins against the rate limiter", options, async ({ page }) => {
|
||||
// for (let i = 1; i <= 14; i++) {
|
||||
// await page.goto(CODE_SERVER_ADDRESS, { waitUntil: "networkidle" })
|
||||
// await page.fill(".password", PASSWORD)
|
||||
// await page.click(".submit")
|
||||
// await page.waitForLoadState("networkidle")
|
||||
// // Make sure the editor actually loaded
|
||||
// await page.isVisible("div.monaco-workbench")
|
||||
|
||||
// // Delete cookie
|
||||
// await page.evaluate(() => {
|
||||
// document.cookie = "key" + "=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;"
|
||||
// return Promise.resolve()
|
||||
// })
|
||||
|
||||
// // Go back to address, which should be the login page
|
||||
// await page.goto(CODE_SERVER_ADDRESS, { waitUntil: "networkidle" })
|
||||
// }
|
||||
|
||||
// // On the 15th time, we should see the editor
|
||||
// await page.fill(".password", PASSWORD)
|
||||
// await page.click(".submit")
|
||||
// await page.waitForLoadState("networkidle")
|
||||
// // Make sure the editor actually loaded
|
||||
// expect(await page.isVisible("div.monaco-workbench"))
|
||||
// })
|
||||
})
|
||||
|
Reference in New Issue
Block a user