From 1e6f4f2a14861d6166c9abaa6be5528abf94e3fe Mon Sep 17 00:00:00 2001 From: Joe Previte Date: Thu, 15 Apr 2021 16:36:35 -0700 Subject: [PATCH] feat(testing): add test for rate limiter --- test/e2e/login.test.ts | 47 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/test/e2e/login.test.ts b/test/e2e/login.test.ts index 91303ffe..0621accd 100644 --- a/test/e2e/login.test.ts +++ b/test/e2e/login.test.ts @@ -45,4 +45,51 @@ test.describe("login", () => { await page.waitForLoadState("networkidle") expect(await page.isVisible("text=Incorrect password")) }) + + test("should hit the rate limiter for too many unsuccessful logins", options, async ({ page }) => { + await page.goto(CODE_SERVER_ADDRESS, { waitUntil: "networkidle" }) + // Type in password + await page.fill(".password", "password123") + // Click the submit button and login + // The current RateLimiter allows 2 logins per minute plus + // 12 logins per hour for a total of 14 + // See: src/node/routes/login.ts + for (let i = 1; i <= 14; i++) { + await page.click(".submit") + await page.waitForLoadState("networkidle") + } + + // The 15th should fail + await page.click(".submit") + await page.waitForLoadState("networkidle") + expect(await page.isVisible("text=Login rate limited!")) + }) + + // This test takes 8mins to run and is probably not worth adding to our e2e suite + // test.only("should not count successful logins against the rate limiter", options, async ({ page }) => { + // for (let i = 1; i <= 14; i++) { + // await page.goto(CODE_SERVER_ADDRESS, { waitUntil: "networkidle" }) + // await page.fill(".password", PASSWORD) + // await page.click(".submit") + // await page.waitForLoadState("networkidle") + // // Make sure the editor actually loaded + // await page.isVisible("div.monaco-workbench") + + // // Delete cookie + // await page.evaluate(() => { + // document.cookie = "key" + "=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;" + // return Promise.resolve() + // }) + + // // Go back to address, which should be the login page + // await page.goto(CODE_SERVER_ADDRESS, { waitUntil: "networkidle" }) + // } + + // // On the 15th time, we should see the editor + // await page.fill(".password", PASSWORD) + // await page.click(".submit") + // await page.waitForLoadState("networkidle") + // // Make sure the editor actually loaded + // expect(await page.isVisible("div.monaco-workbench")) + // }) })