discourse/spec/components/rate_limiter_spec.rb

# frozen_string_literal: true

require 'rails_helper'
require 'rate_limiter'

describe RateLimiter do

  fab!(:user) { Fabricate(:user) }
  let(:rate_limiter) { RateLimiter.new(user, "peppermint-butler", 2, 60) }

  context 'disabled' do
    before do
      rate_limiter.performed!
      rate_limiter.performed!
    end

    it "should be disabled" do
      expect(RateLimiter.disabled?).to eq(true)
    end

    it "returns true for can_perform?" do
      expect(rate_limiter.can_perform?).to eq(true)
    end

    it "doesn't raise an error on performed!" do
      expect { rate_limiter.performed! }.not_to raise_error
    end

  end

  context 'enabled' do
    before do
      RateLimiter.enable
      rate_limiter.clear!
    end

    after do
      RateLimiter.disable
    end

    context 'aggressive rate limiter' do

      it 'can operate correctly and totally stop limiting' do

        freeze_time

        # 2 requests every 30 seconds
        limiter = RateLimiter.new(nil, "test", 2, 30, global: true, aggressive: true)
        limiter.clear!

        limiter.performed!
        limiter.performed!

        freeze_time 29.seconds.from_now

        expect do
          limiter.performed!
        end.to raise_error(RateLimiter::LimitExceeded)

        expect do
          limiter.performed!
        end.to raise_error(RateLimiter::LimitExceeded)

        # in aggressive mode both these ^^^ count as an attempt
        freeze_time 29.seconds.from_now

        expect do
          limiter.performed!
        end.to raise_error(RateLimiter::LimitExceeded)

        expect do
          limiter.performed!
        end.to raise_error(RateLimiter::LimitExceeded)

        freeze_time 31.seconds.from_now

        limiter.performed!
        limiter.performed!

      end
    end

    context 'global rate limiter' do

      it 'can operate in global mode' do
        limiter = RateLimiter.new(nil, "test", 2, 30, global: true)
        limiter.clear!

        thrown = false

        limiter.performed!
        limiter.performed!
        begin
          limiter.performed!
        rescue RateLimiter::LimitExceeded => e
          expect(Integer === e.available_in).to eq(true)
          expect(e.available_in).to be > 28
          expect(e.available_in).to be < 32
          thrown = true
        end
        expect(thrown).to be(true)
      end

    end

    context 'handles readonly' do
      before do
        Discourse.redis.without_namespace.slaveof '10.0.0.1', '99999'
      end

      after do
        Discourse.redis.without_namespace.slaveof 'no', 'one'
      end

      it 'does not explode' do
        expect { rate_limiter.performed! }.not_to raise_error
      end
    end

    context 'never done' do
      it "should perform right away" do
        expect(rate_limiter.can_perform?).to eq(true)
      end

      it "performs without an error" do
        expect { rate_limiter.performed! }.not_to raise_error
      end
    end

    context "remaining" do
      it "updates correctly" do
        expect(rate_limiter.remaining).to eq(2)
        rate_limiter.performed!
        expect(rate_limiter.remaining).to eq(1)
        rate_limiter.performed!
        expect(rate_limiter.remaining).to eq(0)
      end
    end

    context 'max is less than or equal to zero' do

      it 'should raise the right error' do
        [-1, 0, nil].each do |max|
          expect do
            RateLimiter.new(user, "a", max, 60).performed!
          end.to raise_error(RateLimiter::LimitExceeded)
        end
      end
    end

    context "multiple calls" do
      before do
        rate_limiter.performed!
        rate_limiter.performed!
      end

      it "returns false for can_perform when the limit has been hit" do
        expect(rate_limiter.can_perform?).to eq(false)
        expect(rate_limiter.remaining).to eq(0)
      end

      it "raises an error the third time called" do
        expect { rate_limiter.performed! }.to raise_error(RateLimiter::LimitExceeded)
      end

      context "as an admin/moderator" do
        it "returns true for can_perform if the user is an admin" do
          user.admin = true
          expect(rate_limiter.can_perform?).to eq(true)
          expect(rate_limiter.remaining).to eq(2)
        end

        it "doesn't raise an error when an admin performs the task" do
          user.admin = true
          expect { rate_limiter.performed! }.not_to raise_error
        end

        it "returns true for can_perform if the user is a mod" do
          user.moderator = true
          expect(rate_limiter.can_perform?).to eq(true)
        end

        it "doesn't raise an error when a moderator performs the task" do
          user.moderator = true
          expect { rate_limiter.performed! }.not_to raise_error
        end
      end

      context "rollback!" do
        before do
          rate_limiter.rollback!
        end

        it "returns true for can_perform since there is now room" do
          expect(rate_limiter.can_perform?).to eq(true)
        end

        it "raises no error now that there is room" do
          expect { rate_limiter.performed! }.not_to raise_error
        end
      end

    end
  end

end
DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction 2019-04-29 20:27:42 -04:00			`# frozen_string_literal: true`

Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails. 2015-10-11 05:41:23 -04:00			`require 'rails_helper'`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`require 'rate_limiter'`

			`describe RateLimiter do`

DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0 2019-05-06 23:12:20 -04:00			`fab!(:user) { Fabricate(:user) }`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`let(:rate_limiter) { RateLimiter.new(user, "peppermint-butler", 2, 60) }`

			`context 'disabled' do`
			`before do`
			`rate_limiter.performed!`
remove trailing whitespaces :heart: 2013-02-25 11:42:20 -05:00			`rate_limiter.performed!`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`it "should be disabled" do`
			`expect(RateLimiter.disabled?).to eq(true)`
			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`it "returns true for can_perform?" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(rate_limiter.can_perform?).to eq(true)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "doesn't raise an error on performed!" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect { rate_limiter.performed! }.not_to raise_error`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`end`

			`context 'enabled' do`
			`before do`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`RateLimiter.enable`
remove trailing whitespaces :heart: 2013-02-25 11:42:20 -05:00			`rate_limiter.clear!`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`after do`
			`RateLimiter.disable`
			`end`

PERF: introduce aggressive rate limiting for anonymous (#11129) Previous to this change our anonymous rate limits acted as a throttle. New implementation means we now also consider rate limited requests towards the limit. This means that if an anonymous user is hammering the server it will not be able to get any requests through until it subsides with traffic. 2020-11-05 00:36:17 -05:00			`context 'aggressive rate limiter' do`

			`it 'can operate correctly and totally stop limiting' do`

			`freeze_time`

			`# 2 requests every 30 seconds`
			`limiter = RateLimiter.new(nil, "test", 2, 30, global: true, aggressive: true)`
			`limiter.clear!`

			`limiter.performed!`
			`limiter.performed!`

			`freeze_time 29.seconds.from_now`

			`expect do`
			`limiter.performed!`
			`end.to raise_error(RateLimiter::LimitExceeded)`

			`expect do`
			`limiter.performed!`
			`end.to raise_error(RateLimiter::LimitExceeded)`

			`# in aggressive mode both these ^^^ count as an attempt`
			`freeze_time 29.seconds.from_now`

			`expect do`
			`limiter.performed!`
			`end.to raise_error(RateLimiter::LimitExceeded)`

			`expect do`
			`limiter.performed!`
			`end.to raise_error(RateLimiter::LimitExceeded)`

			`freeze_time 31.seconds.from_now`

			`limiter.performed!`
			`limiter.performed!`

			`end`
			`end`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`context 'global rate limiter' do`

			`it 'can operate in global mode' do`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`limiter = RateLimiter.new(nil, "test", 2, 30, global: true)`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`limiter.clear!`

FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`thrown = false`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`limiter.performed!`
			`limiter.performed!`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`begin`
			`limiter.performed!`
			`rescue RateLimiter::LimitExceeded => e`
correct spec on Ruby 2.3 2017-12-04 15:04:41 -05:00			`expect(Integer === e.available_in).to eq(true)`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`expect(e.available_in).to be > 28`
			`expect(e.available_in).to be < 32`
			`thrown = true`
			`end`
			`expect(thrown).to be(true)`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`end`

			`end`

			`context 'handles readonly' do`
			`before do`
DEV: s/\$redis/Discourse\.redis (#8431) This commit also adds a rubocop rule to prevent global variables. 2019-12-03 04:05:53 -05:00			`Discourse.redis.without_namespace.slaveof '10.0.0.1', '99999'`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`end`

			`after do`
DEV: s/\$redis/Discourse\.redis (#8431) This commit also adds a rubocop rule to prevent global variables. 2019-12-03 04:05:53 -05:00			`Discourse.redis.without_namespace.slaveof 'no', 'one'`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`end`

			`it 'does not explode' do`
			`expect { rate_limiter.performed! }.not_to raise_error`
			`end`
			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`context 'never done' do`
			`it "should perform right away" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(rate_limiter.can_perform?).to eq(true)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "performs without an error" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect { rate_limiter.performed! }.not_to raise_error`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
			`end`

FEATURE: Warn a user when they have few likes remaining 2016-03-18 11:17:51 -04:00			`context "remaining" do`
			`it "updates correctly" do`
			`expect(rate_limiter.remaining).to eq(2)`
			`rate_limiter.performed!`
			`expect(rate_limiter.remaining).to eq(1)`
			`rate_limiter.performed!`
			`expect(rate_limiter.remaining).to eq(0)`
			`end`
			`end`

FIX: `RateLimiter` max of zero or less should raise rate limit exceeded. 2018-03-01 00:12:31 -05:00			`context 'max is less than or equal to zero' do`

			`it 'should raise the right error' do`
Add guard for `nil` in our `RateLimiter`. 2018-03-01 00:20:42 -05:00			`[-1, 0, nil].each do \|max\|`
FIX: `RateLimiter` max of zero or less should raise rate limit exceeded. 2018-03-01 00:12:31 -05:00			`expect do`
			`RateLimiter.new(user, "a", max, 60).performed!`
			`end.to raise_error(RateLimiter::LimitExceeded)`
			`end`
			`end`
			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`context "multiple calls" do`
			`before do`
			`rate_limiter.performed!`
			`rate_limiter.performed!`
			`end`

			`it "returns false for can_perform when the limit has been hit" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(rate_limiter.can_perform?).to eq(false)`
FEATURE: Warn a user when they have few likes remaining 2016-03-18 11:17:51 -04:00			`expect(rate_limiter.remaining).to eq(0)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "raises an error the third time called" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect { rate_limiter.performed! }.to raise_error(RateLimiter::LimitExceeded)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`context "as an admin/moderator" do`
			`it "returns true for can_perform if the user is an admin" do`
			`user.admin = true`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(rate_limiter.can_perform?).to eq(true)`
FEATURE: Warn a user when they have few likes remaining 2016-03-18 11:17:51 -04:00			`expect(rate_limiter.remaining).to eq(2)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "doesn't raise an error when an admin performs the task" do`
			`user.admin = true`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect { rate_limiter.performed! }.not_to raise_error`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "returns true for can_perform if the user is a mod" do`
pull moderator into own column, rename trust levels 2013-03-20 00:05:19 -04:00			`user.moderator = true`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(rate_limiter.can_perform?).to eq(true)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "doesn't raise an error when a moderator performs the task" do`
pull moderator into own column, rename trust levels 2013-03-20 00:05:19 -04:00			`user.moderator = true`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect { rate_limiter.performed! }.not_to raise_error`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
			`end`

			`context "rollback!" do`
			`before do`
			`rate_limiter.rollback!`
			`end`

			`it "returns true for can_perform since there is now room" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect(rate_limiter.can_perform?).to eq(true)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`it "raises no error now that there is room" do`
few components with rspec3 syntax 2015-01-09 11:34:37 -05:00			`expect { rate_limiter.performed! }.not_to raise_error`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
			`end`

remove trailing whitespaces :heart: 2013-02-25 11:42:20 -05:00			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`end`