示例#1
    def testNeedCaptcha_NoLifetimeLimit(self):
        """Check that skip_lifetime_check decides whether the lifetime cap applies.

        The user's lifetime_count is set one past the lifetime maximum
        configured for ISSUE_COMMENT. With the lifetime check enabled,
        NeedCaptcha must raise ExcessiveActivityException. With it skipped,
        the same user is neither blocked nor challenged, including after one
        recent action is recorded inside an unexpired window.
        """
        comment_action = actionlimit.ISSUE_COMMENT
        commenter = user_pb2.User()
        # Index 3 of the limits entry is the lifetime maximum.
        lifetime_cap = actionlimit.ACTION_LIMITS[comment_action][3]
        actionlimit.GetLimitPB(
            commenter, comment_action).lifetime_count = lifetime_cap + 1

        # Lifetime check on: an over-cap user is refused outright.
        with self.assertRaises(actionlimit.ExcessiveActivityException):
            actionlimit.NeedCaptcha(
                commenter, comment_action, skip_lifetime_check=False)

        # Lifetime check off: the over-cap count no longer blocks the user.
        # Callers that pass skip_lifetime_check=True give up this cap.
        needs_captcha = actionlimit.NeedCaptcha(
            commenter, comment_action, skip_lifetime_check=True)
        self.assertFalse(needs_captcha)

        # Record one recent action in a window that ends 5 seconds from now.
        actionlimit.GetLimitPB(commenter, comment_action).recent_count = 1
        window_end = int(time.time()) + 5
        actionlimit.GetLimitPB(
            commenter, comment_action).reset_timestamp = window_end

        needs_captcha = actionlimit.NeedCaptcha(
            commenter, comment_action, skip_lifetime_check=True)
        self.assertFalse(needs_captcha)
示例#2
    def GatherCaptchaData(self, mr):
        """Build the EZT page data saying whether to render a CAPTCHA.

        Args:
          mr: request object; this method reads mr.project,
              mr.auth.effective_ids and mr.auth.user_pb.

        Returns:
          A dict with the single key 'show_captcha' holding an ezt.boolean.

        The returned flag only drives template rendering. Nothing in this
        method enforces the challenge on a submitted form.
        """
        project = mr.project
        if project and framework_bizobj.UserIsInProject(
                project, mr.auth.effective_ids):
            # Project members are exempt within their own projects.
            return {'show_captcha': ezt.boolean(False)}

        # One action type that needs a CAPTCHA is enough to show the widget.
        # NOTE(review): NeedCaptcha is not wrapped in try/except here, so any
        # exception it raises propagates to the caller -- confirm the handler
        # above this deals with that.
        show_captcha = False
        for action_type in self._CAPTCHA_ACTION_TYPES:
            if actionlimit.NeedCaptcha(mr.auth.user_pb, action_type):
                show_captcha = True
                break

        logging.info('show_captcha: %r', show_captcha)
        return {'show_captcha': ezt.boolean(show_captcha)}
示例#3
    def testNeedCaptcha_AuthUserHardLimitRespectsTimeout(self):
        """Check that a hard-limit block ends once the counting period passes.

        Counts hard_limit ISSUE_COMMENT actions at the current time and
        expects NeedCaptcha to raise ExcessiveActivityException. The same
        user, evaluated at a time just past the period, must then be neither
        blocked nor challenged.
        """
        action = actionlimit.ISSUE_COMMENT
        user = user_pb2.User()
        limits = actionlimit.ACTION_LIMITS[action]
        period, _soft_limit, hard_limit, _life_max = limits

        now = int(time.time())
        # One second beyond the period, so the recorded window has expired.
        after_window = now + period + 1

        # Use up the whole hard-limit budget inside a single window.
        for _ in range(hard_limit):
            actionlimit.CountAction(user, action, now=now)

        # Evaluated without an explicit `now`, the user is still inside the
        # window and the hard limit refuses them.
        with self.assertRaises(actionlimit.ExcessiveActivityException):
            actionlimit.NeedCaptcha(user, action)

        # Passing the later timestamp is what avoids the exception.
        needs_captcha = actionlimit.NeedCaptcha(
            user, action, now=after_window)
        self.assertFalse(needs_captcha)
示例#4
  def increment_request_limit(self, request, client_id, client_email):
    """Apply the API request quota and record the request.

    Args:
      request: incoming API request, passed to self.mar_factory.
      client_id: client identifier, used unchanged as a metric field.
      client_email: client email; replaced by a fixed placeholder in the
          metric unless framework_helpers.IsServiceAccount accepts it.

    When the requester is under the limit, the action is counted on the
    user PB and the PB is saved through the user service. The api_requests
    counter is incremented on every call that gets past the quota check.
    """
    mar = self.mar_factory(request)
    requester_pb = mar.auth.user_pb

    # For API_REQUEST the soft and hard limits are equal, so NeedCaptcha is
    # expected to either return False (under limit) or raise
    # ExcessiveActivityException. skip_lifetime_check=True is passed, so the
    # lifetime check is skipped for API requests.
    # NOTE(review): if NeedCaptcha ever returned True, this request would go
    # uncounted but would still reach the metric below -- confirm the limits
    # table keeps soft == hard for API_REQUEST.
    over_limit = actionlimit.NeedCaptcha(
        requester_pb, actionlimit.API_REQUEST, skip_lifetime_check=True)
    if not over_limit:
        actionlimit.CountAction(
            requester_pb, actionlimit.API_REQUEST, delta=1)
        self._services.user.UpdateUser(
            mar.cnxn, mar.auth.user_id, requester_pb)

    # Avoid a value explosion in the metric and keep PII out of it: only
    # service-account addresses are recorded as-is, all other addresses
    # share one placeholder.
    is_service_account = framework_helpers.IsServiceAccount(client_email)
    if not is_service_account:
        client_email = '*****@*****.**'

    metric_fields = {'client_id': client_id, 'client_email': client_email}
    self.api_requests.increment_by(1, metric_fields)
示例#5
    def CheckCaptcha(self, mr, post_data):
        """Verify the submitted CAPTCHA solution and record an error if wrong.

        Args:
          mr: request object; this method reads mr.project, mr.auth and
              mr.request.remote_addr, and may set mr.errors.captcha.
          post_data: form data; the solution is read from the
              'g-recaptcha-response' field.

        Returns:
          None. A failed check is reported only by setting
          mr.errors.captcha, so the caller has to inspect mr.errors before
          acting on the form.
        """
        project = mr.project
        if project and framework_bizobj.UserIsInProject(
                project, mr.auth.effective_ids):
            # Users are not challenged for actions in their own projects.
            logging.info('Project member is exempt from CAPTCHA')
            return

        # NeedCaptcha is re-evaluated for this request: a solution is
        # demanded only if some action type currently needs one.
        captcha_needed = False
        for action_type in self._CAPTCHA_ACTION_TYPES:
            if actionlimit.NeedCaptcha(mr.auth.user_pb, action_type):
                captcha_needed = True
                break
        if not captcha_needed:
            logging.info('No CAPTCHA was required')
            return

        # A missing form field reaches Verify as None.
        # NOTE(review): presumably Verify rejects a None/empty solution --
        # confirm against captcha.Verify.
        verified, _unused_msg = captcha.Verify(
            mr.request.remote_addr, post_data.get('g-recaptcha-response'))

        if not verified:
            # The log lines are constants: neither the submitted solution
            # nor the verifier's message is written to the log.
            logging.info('BZzzz! Bad captcha solution.')
            mr.errors.captcha = 'Captcha check failed.'
            return

        logging.info('CAPTCHA was solved')
示例#6
 def testNeedCaptcha_AuthUserNoPreviousActions(self):
     """Check that a fresh user PB with no recorded actions is not challenged.

     This pins the currently relaxed expectation; see the TODO below.
     """
     fresh_user = user_pb2.User()
     # TODO(jrobbins): change back to True after CAPTCHA are more robust.
     needs_captcha = actionlimit.NeedCaptcha(
         fresh_user, actionlimit.ISSUE_COMMENT)
     self.assertFalse(needs_captcha)
示例#7
 def testNeedCaptcha_NoUser(self):
     """Check that NeedCaptcha returns a falsy result when the user is None."""
     # No user PB is supplied at all; the call must neither raise nor
     # request a challenge.
     needs_captcha = actionlimit.NeedCaptcha(None, actionlimit.ISSUE_COMMENT)
     self.assertFalse(needs_captcha)