Fixed rate limit test (#16258)

closes https://github.com/TryGhost/Team/issues/2547 Changed the configuration for testing to be a bit more strict, by slowing down the amount of requests it can handle to give CI enough time to kick in the rate limiter. Before this, CI simply wasn't hitting the API fast enough to trigger the rate limiter. Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
2024-11-23 11:55:01 +03:00 · 2023-02-13 14:16:56 +07:00 · 2023-02-13 14:16:56 +07:00 · 57695d03df
commit 57695d03df
parent 2c9fb2ad5e
5 changed files with 103 additions and 39 deletions
--- a/ghost/core/core/shared/config/env/config.testing-browser.json
+++ b/ghost/core/core/shared/config/env/config.testing-browser.json
@ -43,6 +43,12 @@
            "maxWait": 3600000,
            "lifetime": 3600,
            "freeRetries":99
+        },
+        "webmentions_block": {
+            "minWait": 100000,
+            "maxWait": 100000,
+            "lifetime": 3600,
+            "freeRetries": 3
        }
    },
    "privacy": {
--- a/ghost/core/core/shared/config/env/config.testing-mysql.json
+++ b/ghost/core/core/shared/config/env/config.testing-mysql.json
@ -44,7 +44,14 @@
            "maxWait": 3600000,
            "lifetime": 3600,
            "freeRetries":99
+        },
+        "webmentions_block": {
+            "minWait": 100000,
+            "maxWait": 100000,
+            "lifetime": 3600,
+            "freeRetries": 3
        }
+
    },
    "privacy": {
        "useTinfoil": true,
--- a/ghost/core/core/shared/config/env/config.testing.json
+++ b/ghost/core/core/shared/config/env/config.testing.json
@ -45,10 +45,10 @@
            "freeRetries":99
        },
        "webmentions_block": {
-            "minWait": 10,
-            "maxWait": 100,
-            "lifetime": 1000,
-            "freeRetries": 100
+            "minWait": 100000,
+            "maxWait": 100000,
+            "lifetime": 3600,
+            "freeRetries": 3
        }
    },
    "privacy": {
--- a/ghost/core/test/e2e-api/webmentions/webmentions.test.js
+++ b/ghost/core/test/e2e-api/webmentions/webmentions.test.js
@ -34,6 +34,7 @@ describe('Webmentions (receiving)', function () {
    afterEach(async function () {
        await DomainEvents.allSettled();
        mockManager.restore();
+        await dbUtils.truncate('brute');
    });

    it('can receive a webmention', async function () {
@ -175,43 +176,44 @@ describe('Webmentions (receiving)', function () {

        emailMockReceiver.sentEmailCount(0);
    });
-    // @TODO this test is flaky, needs to find a better way to test rate limiting.
-    // No issues locally, and sometimes passes on CI, but is not reliable.

-    // it('is rate limited against spamming mention requests', async function () {
-    //     await dbUtils.truncate('brute');
-    //     const webmentionBlock = configUtils.config.get('spam').webmentions_block;
-    //     const targetUrl = new URL(urlUtils.getSiteUrl());
-    //     const sourceUrl = new URL('http://testpage.com/external-article-2/');
-    //     const html = `
-    //             <html><head><title>Test Page</title><meta name="description" content="Test description"><meta name="author" content="John Doe"></head><body></body></html>
-    //         `;
-    //     nock(targetUrl.origin)
-    //         .head(targetUrl.pathname)
-    //         .reply(200);
+    it('is rate limited against spamming mention requests', async function () {
+        await dbUtils.truncate('brute');
+        const webmentionBlock = configUtils.config.get('spam').webmentions_block;
+        const targetUrl = new URL(urlUtils.getSiteUrl());
+        const sourceUrl = new URL('http://testpage.com/external-article-2/');
+        const html = `
+                <html><head><title>Test Page</title><meta name="description" content="Test description"><meta name="author" content="John Doe"></head><body></body></html>
+            `;
+        nock(targetUrl.origin)
+            .head(targetUrl.pathname)
+            .reply(200);

-    //     nock(sourceUrl.origin)
-    //         .get(sourceUrl.pathname)
-    //         .reply(200, html, {'Content-Type': 'text/html'});
+        nock(sourceUrl.origin)
+            .get(sourceUrl.pathname)
+            .reply(200, html, {'Content-Type': 'text/html'});

-    //     // +1 because this is a retry count, so we have one request + the retries, then blocked
-    //     for (let i = 0; i < webmentionBlock.freeRetries + 1; i++) {
-    //         await agent.post('/receive/')
-    //             .body({
-    //                 source: sourceUrl.href,
-    //                 target: targetUrl.href,
-    //                 payload: {}
-    //             })
-    //             .expectStatus(202);
-    //     }
+        const requests = [];
+        for (let i = 0; i < webmentionBlock.freeRetries + 1; i++) {
+            const req = await agent.post('/receive/')
+                .body({
+                    source: sourceUrl.href,
+                    target: targetUrl.href,
+                    payload: {}
+                })
+                .expectStatus(202);

-    //     await agent
-    //         .post('/receive/')
-    //         .body({
-    //             source: sourceUrl.href,
-    //             target: targetUrl.href,
-    //             payload: {}
-    //         })
-    //         .expectStatus(429);
-    // });
+            requests.push(req);
+        }
+        await Promise.all(requests);
+
+        await agent
+            .post('/receive/')
+            .body({
+                source: sourceUrl.href,
+                target: targetUrl.href,
+                payload: {}
+            })
+            .expectStatus(429);
+    });
 });
--- a/ghost/core/test/utils/fixtures/config/defaults.json
+++ b/ghost/core/test/utils/fixtures/config/defaults.json
@ -5,5 +5,54 @@
            "filename": "/test.db"
        },
        "debug": false
+    },
+    "spam": {
+        "user_login": {
+            "minWait": 600000,
+            "maxWait": 604800000,
+            "freeRetries": 4
+        },
+        "user_reset": {
+            "minWait": 3600000,
+            "maxWait": 3600000,
+            "lifetime": 3600,
+            "freeRetries": 4
+        },
+        "global_reset": {
+            "minWait": 3600000,
+            "maxWait": 3600000,
+            "lifetime": 3600,
+            "freeRetries": 4
+        },
+        "global_block": {
+            "minWait": 3600000,
+            "maxWait": 3600000,
+            "lifetime": 3600,
+            "freeRetries": 99
+        },
+        "private_block": {
+            "minWait": 3600000,
+            "maxWait": 3600000,
+            "lifetime": 3600,
+            "freeRetries": 99
+        },
+        "content_api_key": {
+            "minWait": 3600000,
+            "maxWait": 86400000,
+            "lifetime": 3600,
+            "freeRetries": 99
+        },
+        "member_login": {
+            "minWait": 600000,
+            "maxWait": 43200000,
+            "lifetime": 43200,
+            "freeRetries": 8
+        },
+        "webmentions_block": {
+            "minWait": 3600000,
+            "maxWait": 3600000,
+            "lifetime": 3600,
+            "freeRetries": 4
+        }
    }
 }