Merge branch 'rate-limiter-runtime-settings' into 'develop'

RateLimiter improvements: runtime configurability, no default limits in tests See merge request pleroma/pleroma!2250
2020-02-29 21:52:33 +00:00 · 2020-02-29 21:52:33 +00:00 · 19e559fe51
commit 19e559fe51
parent 269aa9c8a5 c747260989
6 changed files with 218 additions and 184 deletions
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@ -673,10 +673,48 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      assert json_response(res, 400) == %{"error" => "{\"email\":[\"has already been taken\"]}"}
    end

-    clear_config([Pleroma.Plugs.RemoteIp, :enabled])
+    test "returns bad_request if missing required params", %{
+      conn: conn,
+      valid_params: valid_params
+    } do
+      app_token = insert(:oauth_token, user: nil)

-    test "rate limit", %{conn: conn} do
+      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
+
+      res = post(conn, "/api/v1/accounts", valid_params)
+      assert json_response(res, 200)
+
+      [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
+      |> Stream.zip(valid_params)
+      |> Enum.each(fn {ip, {attr, _}} ->
+        res =
+          conn
+          |> Map.put(:remote_ip, ip)
+          |> post("/api/v1/accounts", Map.delete(valid_params, attr))
+          |> json_response(400)
+
+        assert res == %{"error" => "Missing parameters"}
+      end)
+    end
+
+    test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
+      conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
+
+      res = post(conn, "/api/v1/accounts", valid_params)
+      assert json_response(res, 403) == %{"error" => "Invalid credentials"}
+    end
+  end
+
+  describe "create account by app / rate limit" do
+    clear_config([Pleroma.Plugs.RemoteIp, :enabled]) do
      Pleroma.Config.put([Pleroma.Plugs.RemoteIp, :enabled], true)
+    end
+
+    clear_config([:rate_limit, :app_account_creation]) do
+      Pleroma.Config.put([:rate_limit, :app_account_creation], {10_000, 2})
+    end
+
+    test "respects rate limit setting", %{conn: conn} do
      app_token = insert(:oauth_token, user: nil)

      conn =
@ -684,7 +722,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
        |> put_req_header("authorization", "Bearer " <> app_token.token)
        |> Map.put(:remote_ip, {15, 15, 15, 15})

-      for i <- 1..5 do
+      for i <- 1..2 do
        conn =
          post(conn, "/api/v1/accounts", %{
            username: "#{i}lain",
@ -718,37 +756,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do

      assert json_response(conn, :too_many_requests) == %{"error" => "Throttled"}
    end
-
-    test "returns bad_request if missing required params", %{
-      conn: conn,
-      valid_params: valid_params
-    } do
-      app_token = insert(:oauth_token, user: nil)
-
-      conn = put_req_header(conn, "authorization", "Bearer " <> app_token.token)
-
-      res = post(conn, "/api/v1/accounts", valid_params)
-      assert json_response(res, 200)
-
-      [{127, 0, 0, 1}, {127, 0, 0, 2}, {127, 0, 0, 3}, {127, 0, 0, 4}]
-      |> Stream.zip(valid_params)
-      |> Enum.each(fn {ip, {attr, _}} ->
-        res =
-          conn
-          |> Map.put(:remote_ip, ip)
-          |> post("/api/v1/accounts", Map.delete(valid_params, attr))
-          |> json_response(400)
-
-        assert res == %{"error" => "Missing parameters"}
-      end)
-    end
-
-    test "returns forbidden if token is invalid", %{conn: conn, valid_params: valid_params} do
-      conn = put_req_header(conn, "authorization", "Bearer " <> "invalid-token")
-
-      res = post(conn, "/api/v1/accounts", valid_params)
-      assert json_response(res, 403) == %{"error" => "Invalid credentials"}
-    end
  end

  describe "GET /api/v1/accounts/:id/lists - account_lists" do