def test_throttling_user_daily(self):
    """Check that the per-user daily upload throttle blocks, then expires.

    48 actions are recorded for ``self.user``, each from a different random
    IP, and every request below also uses a fresh random IP. The only thing
    the requests share is the user, so a 429 here means rotating the client
    address does not let one account get around the limit.
    """
    # (seconds to advance the frozen clock first, expected status code)
    timeline = (
        # Still at the frozen instant: throttled because the user is the same.
        (None, 429),
        # One minute later, past the 'burst' period: still blocked by the
        # 'hourly' limit.
        (61, 429),
        # After the hourly limit: still blocked.
        (3601, 429),
        # A further 86401 seconds (24h + 1s) later: allowed again.
        (86401, 201),
    )
    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(48):
            self._add_fake_throttling_action(
                view_class=FileUploadViewSet,
                url=self.list_url,
                user=self.user,
                remote_addr=get_random_ip(),
            )

        for advance, expected in timeline:
            if advance is not None:
                frozen_time.tick(delta=timedelta(seconds=advance))
            response = self._create_post(ip=get_random_ip())
            assert response.status_code == expected, response.content
def _test_throttling_verb_user_burst(self, verb, url, expected_status=201):
    """Shared check for the per-user 'burst' throttle on ``verb`` + ``url``.

    Six actions are recorded for ``self.user`` from random IPs, then the
    request is sent from yet another random IP. The user is the only thing
    the calls have in common, so the 429 comes from user throttling, not IP
    throttling. After the one-minute burst window the request must return
    ``expected_status``.
    """
    def send():
        # Every call picks a new REMOTE_ADDR so IP limits never apply.
        return self.request(
            verb, url=url, addon='@create-webextension', version='1.0',
            extra_kwargs={'REMOTE_ADDR': get_random_ip()})

    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(6):
            # The IP changes on every iteration while the user stays the
            # same, so this exercises the user throttling.
            self._add_fake_throttling_action(
                url, self.user, get_random_ip())

        # Still inside the frozen instant: the same user is throttled.
        throttled = send()
        assert throttled.status_code == 429

        # 'Burst' throttling is 1 minute, so 61 seconds later the request
        # is allowed again.
        frozen_time.tick(delta=timedelta(seconds=61))
        allowed = send()
        assert allowed.status_code == expected_status
def _test_throttling_verb_user_burst(self, verb, url, expected_status=201):
    """Shared check for the per-user 'burst' throttle on ``verb`` + ``url``.

    Six actions are recorded against ``self.view_class`` for ``self.user``,
    each from a random IP, and the request itself uses another random IP.
    Only the user is constant, so the 429 shows the limit follows the
    account rather than the client address. After the one-minute burst
    window the request must return ``expected_status``.
    """
    def send():
        # Every call picks a new REMOTE_ADDR so IP limits never apply.
        return self.request(
            verb, url=url, addon='@create-webextension', version='1.0',
            extra_kwargs={'REMOTE_ADDR': get_random_ip()})

    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(6):
            # The IP changes on every iteration while the user stays the
            # same, so this exercises the user throttling.
            self._add_fake_throttling_action(
                view_class=self.view_class,
                url=url,
                user=self.user,
                remote_addr=get_random_ip(),
            )

        # Still inside the frozen instant: the same user is throttled.
        throttled = send()
        assert throttled.status_code == 429

        # 'Burst' throttling is 1 minute, so 61 seconds later the request
        # is allowed again.
        frozen_time.tick(delta=timedelta(seconds=61))
        allowed = send()
        assert allowed.status_code == expected_status
def test_throttling(self, parse_addon_mock):
    """NewUploadForm rejects a throttled user and accepts them a minute later.

    The request carries a fixed REMOTE_ADDR while the six recorded actions
    use random IPs, so the user is what links them to the form submission.

    ``parse_addon_mock`` is not used in the body; it is presumably injected
    by a patch decorator outside this view.
    """
    upload = FileUpload.objects.create(valid=True, name='foo.xpi')
    data = {'upload': upload.uuid, 'compatible_apps': [amo.FIREFOX.id]}
    request = req_factory_factory('/', post=True, data=data)
    request.user = user_factory()
    request.META['REMOTE_ADDR'] = '5.6.7.8'

    def build_form():
        # A new form per check, so validation is evaluated from scratch.
        return forms.NewUploadForm(data, request=request)

    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(6):
            self._add_fake_throttling_action(
                view_class=VersionView,
                url='/',
                user=request.user,
                remote_addr=get_random_ip(),
            )

        # Throttled: the form is invalid and reports it as a non-field error.
        throttled_form = build_form()
        assert not throttled_form.is_valid()
        assert throttled_form.errors.get('__all__') == [
            'You have submitted too many uploads recently. '
            'Please try again after some time.'
        ]

        # 61 seconds later the same data validates.
        frozen_time.tick(delta=timedelta(seconds=61))
        retry_form = build_form()
        assert retry_form.is_valid()
def test_rate_limiting(self):
    """SitePermissionGeneratorForm refuses a throttled user, then recovers.

    The request carries a fixed REMOTE_ADDR while the six recorded actions
    use random IPs, so the user is what links them to the form submission.
    """
    self.request.META['REMOTE_ADDR'] = '5.6.7.8'

    def build_form():
        # A new payload dict and a new form for every check.
        payload = {
            'site_permissions': _DEFAULT_SITE_PERMISSIONS,
            'origin': 'https://foo.com',
        }
        return forms.SitePermissionGeneratorForm(
            payload, request=self.request)

    with freeze_time('2021-01-08 15:16:23.42') as frozen_time:
        for _ in range(6):
            # NOTE(review): the actions are recorded against VersionView;
            # presumably this form shares that throttling scope. Confirm.
            self._add_fake_throttling_action(
                view_class=VersionView,
                url='/',
                user=self.request.user,
                remote_addr=get_random_ip(),
            )

        # Throttled: the form is invalid and reports it as a non-field error.
        throttled_form = build_form()
        assert not throttled_form.is_valid()
        assert throttled_form.errors.get('__all__') == [
            'You have submitted too many uploads recently. '
            'Please try again after some time.'
        ]

        # 61 seconds later the same submission validates.
        frozen_time.tick(delta=timedelta(seconds=61))
        retry_form = build_form()
        assert retry_form.is_valid()
def test_throttling(self, parse_addon_mock):
    """NewUploadForm rejects a throttled user and accepts them a minute later.

    The request carries a fixed REMOTE_ADDR while the six recorded actions
    use random IPs, so the user is what links them to the form submission.

    ``parse_addon_mock`` is not used in the body; it is presumably injected
    by a patch decorator outside this view.
    """
    upload = FileUpload.objects.create(valid=True, name='foo.xpi')
    data = {'upload': upload.uuid, 'compatible_apps': [amo.FIREFOX.id]}
    request = req_factory_factory('/', post=True, data=data)
    request.user = user_factory()
    request.META['REMOTE_ADDR'] = '5.6.7.8'

    def build_form():
        # A new form per check, so validation is evaluated from scratch.
        return forms.NewUploadForm(data, request=request)

    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(6):
            self._add_fake_throttling_action(
                view_class=VersionView,
                url='/',
                user=request.user,
                remote_addr=get_random_ip(),
            )

        # Throttled: the form is invalid and reports it as a non-field error.
        throttled_form = build_form()
        assert not throttled_form.is_valid()
        assert throttled_form.errors.get('__all__') == [
            'You have submitted too many uploads recently. '
            'Please try again after some time.'
        ]

        # 61 seconds later the same data validates.
        frozen_time.tick(delta=timedelta(seconds=61))
        retry_form = build_form()
        assert retry_form.is_valid()
def _test_throttling_verb_user_sustained(self, verb, url, expected_status=201):
    """Shared check for the per-user 'sustained' throttle on ``verb`` + ``url``.

    Fifty actions are recorded against ``self.view_class`` for ``self.user``,
    each from a random IP, and every request uses another random IP. Only
    the user is constant, so the 429s show the limit follows the account
    rather than the client address. The block must outlast the one-minute
    burst window and lift after the one-hour sustained window, when the
    request must return ``expected_status``.
    """
    def send():
        # Every call picks a new REMOTE_ADDR so IP limits never apply.
        return self.request(
            verb, url=url, addon='@create-webextension', version='1.0',
            extra_kwargs={'REMOTE_ADDR': get_random_ip()})

    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(50):
            # The IP changes on every iteration while the user stays the
            # same, so this exercises the user throttling.
            self._add_fake_throttling_action(
                view_class=self.view_class,
                url=url,
                user=self.user,
                remote_addr=get_random_ip(),
            )

        # Still inside the frozen instant: the same user is throttled.
        first = send()
        assert first.status_code == 429

        # One minute later, past the 'burst' period, the 'sustained' limit
        # still blocks the request.
        frozen_time.tick(delta=timedelta(seconds=61))
        second = send()
        assert second.status_code == 429

        # 'Sustained' throttling is 1 hour, so 3601 seconds later the
        # request is allowed again.
        frozen_time.tick(delta=timedelta(seconds=3601))
        third = send()
        assert third.status_code == expected_status
def test_throttling_user_burst(self):
    """Check that the per-user 'burst' upload throttle blocks, then expires.

    Six actions are recorded for ``self.user``, each from a different random
    IP, and both requests below also use a fresh random IP. The only thing
    they share is the user, so the 429 means rotating the client address
    does not let one account get around the limit.
    """
    # (seconds to advance the frozen clock first, expected status code)
    timeline = (
        # Still at the frozen instant: throttled because the user is the same.
        (None, 429),
        # 'Burst' throttling is 1 minute, so 61 seconds later we are
        # allowed again.
        (61, 201),
    )
    with freeze_time('2019-04-08 15:16:23.42') as frozen_time:
        for _ in range(6):
            self._add_fake_throttling_action(
                view_class=FileUploadViewSet,
                url=self.list_url,
                user=self.user,
                remote_addr=get_random_ip(),
            )

        for advance, expected in timeline:
            if advance is not None:
                frozen_time.tick(delta=timedelta(seconds=advance))
            response = self._create_post(ip=get_random_ip())
            assert response.status_code == expected, response.content