Python add_ratelimit_rule示例，zerver.lib.rate_limiter.add_ratelimit_rule Python示例

示例#1

0

显示文件

 def test_hit_ratelimits_as_ip(self) -> None:
     add_ratelimit_rule(1, 5, domain="api_by_ip")
     try:
         RateLimitedIPAddr("127.0.0.1").clear_history()
         self.do_test_hit_ratelimits(self.send_unauthed_api_request)
     finally:
         # We need this in a finally block to ensure the test cleans up after itself
         # even in case of failure, to avoid polluting the rules state.
         remove_ratelimit_rule(1, 5, domain="api_by_ip")

示例#2

0

显示文件

文件： test_external.py 项目： scrapcode/zulip

def rate_limit_rule(range_seconds: int, num_requests: int, domain: str) -> Iterator[None]:
    RateLimitedIPAddr("127.0.0.1", domain=domain).clear_history()
    add_ratelimit_rule(range_seconds, num_requests, domain=domain)
    try:
        yield
    finally:
        # We need this in a finally block to ensure the test cleans up after itself
        # even in case of failure, to avoid polluting the rules state.
        remove_ratelimit_rule(range_seconds, num_requests, domain=domain)

示例#3

0

显示文件

    def test_wrong_old_password_rate_limiter(self) -> None:
        self.login("hamlet")
        with self.settings(RATE_LIMITING_AUTHENTICATE=True):
            add_ratelimit_rule(10, 2, domain="authenticate_by_username")
            start_time = time.time()
            with mock.patch("time.time", return_value=start_time):
                result = self.client_patch(
                    "/json/settings",
                    dict(
                        old_password="******",
                        new_password="******",
                    ),
                )
                self.assert_json_error(result, "Wrong password!")
                result = self.client_patch(
                    "/json/settings",
                    dict(
                        old_password="******",
                        new_password="******",
                    ),
                )
                self.assert_json_error(result, "Wrong password!")

                # We're over the limit, so we'll get blocked even with the correct password.
                result = self.client_patch(
                    "/json/settings",
                    dict(
                        old_password=initial_password(
                            self.example_email("hamlet")),
                        new_password="******",
                    ),
                )
                self.assert_json_error(
                    result,
                    "You're making too many attempts! Try again in 10 seconds."
                )

            # After time passes, we should be able to succeed if we give the correct password.
            with mock.patch("time.time", return_value=start_time + 11):
                json_result = self.client_patch(
                    "/json/settings",
                    dict(
                        old_password=initial_password(
                            self.example_email("hamlet")),
                        new_password="******",
                    ),
                )
                self.assert_json_success(json_result)

            remove_ratelimit_rule(10, 2, domain="authenticate_by_username")

示例#4

0

显示文件

    def test_thumbnail_redirect_for_spectator(self) -> None:
        self.login("hamlet")
        fp = StringIO("zulip!")
        fp.name = "zulip.jpeg"

        result = self.client_post("/json/user_uploads", {"file": fp})
        self.assert_json_success(result)
        json = orjson.loads(result.content)
        uri = json["uri"]

        add_ratelimit_rule(86400, 1000, domain="spectator_attachment_access_by_file")
        # Deny file access for non-web-public stream
        self.subscribe(self.example_user("hamlet"), "Denmark")
        host = self.example_user("hamlet").realm.host
        body = f"First message ...[zulip.txt](http://{host}" + uri + ")"
        self.send_stream_message(self.example_user("hamlet"), "Denmark", body, "test")

        self.logout()
        response = self.client_get("/thumbnail", {"url": uri[1:], "size": "full"})
        self.assertEqual(response.status_code, 403)

        # Allow file access for web-public stream
        self.login("hamlet")
        self.make_stream("web-public-stream", is_web_public=True)
        self.subscribe(self.example_user("hamlet"), "web-public-stream")
        body = f"First message ...[zulip.txt](http://{host}" + uri + ")"
        self.send_stream_message(self.example_user("hamlet"), "web-public-stream", body, "test")

        self.logout()
        response = self.client_get("/thumbnail", {"url": uri[1:], "size": "full"})
        self.assertEqual(response.status_code, 302)
        remove_ratelimit_rule(86400, 1000, domain="spectator_attachment_access_by_file")

        # Deny file access since rate limited
        add_ratelimit_rule(86400, 0, domain="spectator_attachment_access_by_file")
        response = self.client_get("/thumbnail", {"url": uri[1:], "size": "full"})
        self.assertEqual(response.status_code, 403)
        remove_ratelimit_rule(86400, 0, domain="spectator_attachment_access_by_file")

        # Deny random file access
        response = self.client_get(
            "/thumbnail",
            {
                "url": "user_uploads/2/71/QYB7LA-ULMYEad-QfLMxmI2e/zulip-non-existent.txt",
                "size": "full",
            },
        )
        self.assertEqual(response.status_code, 403)

示例#5

0

显示文件

文件： test_external.py 项目： winning1120xx/zulip

    def setUp(self) -> None:
        super().setUp()

        # Some tests here can be somewhat timing-sensitive in a way
        # that can't be eliminated, e.g. due to testing things that rely
        # on redis' internal timing mechanism which we can't mock.
        # The first API request when running a suite of tests is slow
        # and can take multiple seconds. This is not a problem when running
        # multiple tests, but if an individual, time-sensitive test from this class
        # is run, the first API request it makes taking a lot of time can throw things off
        # and cause the test to fail. Thus we do a dummy API request here to warm up
        # the system and allow the tests to assume their requests won't take multiple seconds.
        user = self.example_user('hamlet')
        self.api_get(user, "/api/v1/messages")

        settings.RATE_LIMITING = True
        add_ratelimit_rule(1, 5)

示例#6

0

显示文件

    def test_hit_ratelimits_as_remote_server(self) -> None:
        add_ratelimit_rule(1, 5, domain="api_by_remote_server")
        server_uuid = "1234-abcd"
        server = RemoteZulipServer(
            uuid=server_uuid,
            api_key="magic_secret_api_key",
            hostname="demo.example.com",
            last_updated=timezone_now(),
        )
        server.save()

        endpoint = "/api/v1/remotes/push/register"
        payload = {
            "user_id": 10,
            "token": "111222",
            "token_kind": PushDeviceToken.GCM
        }
        try:
            # Remote servers can only make requests to the root subdomain.
            original_default_subdomain = self.DEFAULT_SUBDOMAIN
            self.DEFAULT_SUBDOMAIN = ""

            RateLimitedRemoteZulipServer(server).clear_history()
            with self.assertLogs("zerver.lib.rate_limiter",
                                 level="WARNING") as m:
                self.do_test_hit_ratelimits(
                    lambda: self.uuid_post(server_uuid, endpoint, payload))
            self.assertEqual(
                m.output,
                [
                    "WARNING:zerver.lib.rate_limiter:Remote server <RemoteZulipServer demo.example.com 1234-abcd> exceeded rate limits on domain api_by_remote_server"
                ],
            )
        finally:
            self.DEFAULT_SUBDOMAIN = original_default_subdomain
            remove_ratelimit_rule(1, 5, domain="api_by_remote_server")

示例#7

0

显示文件

    def test_add_remove_rule(self) -> None:
        user_profile = self.example_user("hamlet")
        add_ratelimit_rule(1, 2)
        add_ratelimit_rule(4, 5, domain='some_new_domain')
        add_ratelimit_rule(10, 100, domain='some_new_domain')
        obj = RateLimitedUser(user_profile)

        self.assertEqual(obj.get_rules(), [(1, 2)])
        obj.domain = 'some_new_domain'
        self.assertEqual(obj.get_rules(), [(4, 5), (10, 100)])

        remove_ratelimit_rule(10, 100, domain='some_new_domain')
        self.assertEqual(obj.get_rules(), [(4, 5)])

示例#8

0

显示文件

 def setUp(self) -> None:
     super().setUp()
     settings.RATE_LIMITING = True
     add_ratelimit_rule(1, 5)

示例#9

0

显示文件

文件： test_external.py 项目： 284928489/zulip

 def setUp(self) -> None:
     settings.RATE_LIMITING = True
     add_ratelimit_rule(1, 5)

示例#10

0

显示文件

文件： test_external.py 项目： vlfedotov/zulip

 def setUp(self):
     # type: () -> None
     settings.RATE_LIMITING = True
     add_ratelimit_rule(1, 5)

示例#11

0

显示文件

 def setUp(self):
     settings.RATE_LIMITING = True
     add_ratelimit_rule(1, 5)