413cd34c45
* Tie rate limits to both the user's ID and their IP address. * Make each endpoint have separate rate limits. This means that, for example, your post edit rate limit is separate from your post vote rate limit. Before all write actions had a shared rate limit. * Make all write endpoints have rate limits. Before some endpoints, such as voting, favoriting, commenting, or forum posting, weren't subject to rate limits. * Add stricter rate limits for some endpoints: ** 1 per 5 minutes for creating new accounts. ** 1 per minute for login attempts, changing your email address, or for creating mod reports. ** 1 per minute for sending dmails, creating comments, creating forum posts, or creating forum topics. ** 1 per second for voting, favoriting, or disapproving posts. ** These rate limits all have burst factors high enough that they shouldn't affect normal, non-automated users. * Raise the default write rate limit for Gold users from 2 per second to 4 per second, for all other actions not listed above. * Raise the default burst factor to 200 for all other actions not listed above. Before it was 10 for Members, 30 for Gold, and 60 for Platinum.
53 lines
1.8 KiB
Ruby
53 lines
1.8 KiB
Ruby
require 'test_helper'
|
|
|
|
class ApiKeyTest < ActiveSupport::TestCase
|
|
context "ApiKey:" do
|
|
setup do
|
|
@user = create(:user)
|
|
@api_key = create(:api_key, user: @user)
|
|
end
|
|
|
|
context "During validation" do
|
|
subject { build(:api_key) }
|
|
|
|
context "of permissions" do
|
|
should allow_value([]).for(:permissions)
|
|
should allow_value(["posts:index"]).for(:permissions)
|
|
should allow_value(["posts:index", "posts:show"]).for(:permissions)
|
|
|
|
should_not allow_value(["blah"]).for(:permissions)
|
|
should_not allow_value(["posts:blah"]).for(:permissions)
|
|
should_not allow_value(["blah:index"]).for(:permissions)
|
|
end
|
|
|
|
context "of IP addresses" do
|
|
should allow_value([]).for(:permitted_ip_addresses)
|
|
should allow_value(["1.2.3.4"]).for(:permitted_ip_addresses)
|
|
should allow_value(["1.2.3.4/24"]).for(:permitted_ip_addresses)
|
|
should allow_value(["0.0.0.0/0"]).for(:permitted_ip_addresses)
|
|
should allow_value(["2600::1/64"]).for(:permitted_ip_addresses)
|
|
|
|
#should allow_value(["1.2.3.4/24 4.5.6.7/24"]).for(:permitted_ip_addresses)
|
|
#should_not allow_value(["blah"]).for(:permitted_ip_addresses)
|
|
#should_not allow_value(["1.2.3.4/64"]).for(:permitted_ip_addresses)
|
|
end
|
|
end
|
|
|
|
should "generate a unique key" do
|
|
assert_not_nil(@api_key.key)
|
|
end
|
|
|
|
should "authenticate via api key" do
|
|
assert_equal([@user, @api_key], @user.authenticate_api_key(@api_key.key))
|
|
end
|
|
|
|
should "not authenticate with the wrong api key" do
|
|
assert_equal(false, @user.authenticate_api_key("xxx"))
|
|
end
|
|
|
|
should "not authenticate with the wrong name" do
|
|
assert_equal(false, create(:user).authenticate_api_key(@api_key.key))
|
|
end
|
|
end
|
|
end
|