cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add tests for API change rate limits

Browse source
This commit is contained in:
Tom Hughes 2023-10-29 19:21:23 +00:00
parent ba503e02d2
commit 7e974b8662
4 changed files with 402 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

85
test/controllers/api/nodes_controller_test.rb
View file

@ -558,6 +558,91 @@ module Api
assert_includes apinode.tags, "\#{@user.inspect}"
end
##
# test initial rate limit
def test_initial_rate_limit
# create a user
user = create(:user)
# create a changeset that puts us near the initial rate limit
changeset = create(:changeset, :user => user,
:created_at => Time.now.utc - 5.minutes,
:num_changes => Settings.initial_changes_per_hour - 1)
# create authentication header
auth_header = basic_authorization_header user.email, "test"
# try creating a node
xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'/></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_response :success, "node create did not return success status"
# get the id of the node we created
nodeid = @response.body
# try updating the node, which should be rate limited
xml = "<osm><node id='#{nodeid}' version='1' lat='1' lon='1' changeset='#{changeset.id}'/></osm>"
put api_node_path(nodeid), :params => xml, :headers => auth_header
assert_response :too_many_requests, "node update did not hit rate limit"
# try deleting the node, which should be rate limited
xml = "<osm><node id='#{nodeid}' version='2' lat='1' lon='1' changeset='#{changeset.id}'/></osm>"
delete api_node_path(nodeid), :params => xml, :headers => auth_header
assert_response :too_many_requests, "node delete did not hit rate limit"
# try creating a node, which should be rate limited
xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'/></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_response :too_many_requests, "node create did not hit rate limit"
end
##
# test maximum rate limit
def test_maximum_rate_limit
# create a user
user = create(:user)
# create a changeset to establish our initial edit time
changeset = create(:changeset, :user => user,
:created_at => Time.now.utc - 28.days)
# create changeset to put us near the maximum rate limit
total_changes = Settings.max_changes_per_hour - 1
while total_changes.positive?
changes = [total_changes, Changeset::MAX_ELEMENTS].min
changeset = create(:changeset, :user => user,
:created_at => Time.now.utc - 5.minutes,
:num_changes => changes)
total_changes -= changes
end
# create authentication header
auth_header = basic_authorization_header user.email, "test"
# try creating a node
xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'/></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_response :success, "node create did not return success status"
# get the id of the node we created
nodeid = @response.body
# try updating the node, which should be rate limited
xml = "<osm><node id='#{nodeid}' version='1' lat='1' lon='1' changeset='#{changeset.id}'/></osm>"
put api_node_path(nodeid), :params => xml, :headers => auth_header
assert_response :too_many_requests, "node update did not hit rate limit"
# try deleting the node, which should be rate limited
xml = "<osm><node id='#{nodeid}' version='2' lat='1' lon='1' changeset='#{changeset.id}'/></osm>"
delete api_node_path(nodeid), :params => xml, :headers => auth_header
assert_response :too_many_requests, "node delete did not hit rate limit"
# try creating a node, which should be rate limited
xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'/></osm>"
put node_create_path, :params => xml, :headers => auth_header
assert_response :too_many_requests, "node create did not hit rate limit"
end
private
##