Commit dd7081cd authored by Alain Takoudjou's avatar Alain Takoudjou

update test for rack_attack

parent 854f6248
......@@ -46,7 +46,7 @@ md5sum = f21ad3ae0e96e80ca4ea3819d4e9097f
[gitlab.yml.in]
_update_hash_filename_ = template/gitlab.yml.in
md5sum = aa22a70294cb78577588854ef8403dba
md5sum = 0618288bd77ccbc7f7e9460be230fbf8
[gitaly-config.toml.in]
_update_hash_filename_ = template/gitaly-config.toml.in
......
......@@ -402,3 +402,4 @@ docutils = 0.16
cns.recipe.symlink = 0.2.3
plone.recipe.command = 1.1
z3c.recipe.scripts = 1.0.1
beautifulsoup4 = 4.12.3
......@@ -566,7 +566,7 @@ production: &base
{# ICP: '{{ cfg("icp_license") }}' #}
{% endif %}
rack_attack:
rack_attack:
git_basic_auth:
# Rack Attack IP banning enabled
enabled: {{ cfg("rack_attack_enable") }}
......
......@@ -46,6 +46,7 @@ setup(
'erp5.util',
'supervisor',
'requests',
'beautifulsoup4'
],
zip_safe=True,
test_suite='test',
......
......@@ -26,10 +26,10 @@
##############################################################################
import os
import logging
import urllib
import requests
import functools
import bs4
from urllib.parse import urljoin
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
......@@ -56,10 +56,28 @@ class TestGitlab(SlapOSInstanceTestCase):
resp.status_code in [requests.codes.ok, requests.codes.found])
def test_rack_attack_sign_in_rate_limiting(self):
session = requests.session()
# Load the login page to get a CSRF token.
response = session.get(urljoin(self.backend_url, 'users/sign_in'))
self.assertEqual(response.status_code, 200)
# Extract the CSRF token and param.
bsoup = bs4.BeautifulSoup(response.text, 'html.parser')
csrf_param = bsoup.find('meta', dict(name='csrf-param'))['content']
csrf_token = bsoup.find('meta', dict(name='csrf-token'))['content']
request_data = {
'user[login]': 'test',
'user[password]': 'random',
csrf_param: csrf_token}
sign_in = functools.partial(
requests.post,
urllib.parse.urljoin(self.backend_url, '/users/sign_in'),
response.url,
data=request_data,
verify=False)
for _ in range(10):
sign_in(headers={'X_FORWARDED_FOR': '1.2.3.4'})
# after 10 authentication failures, this client is rate limited
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment