From 1262d254736229618582f0963c9c30c4e66efb98 Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Wed, 31 Jan 2018 09:49:15 -0800
Subject: User based rate limiting (#8152)
---
app/ratelimit_test.go | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 app/ratelimit_test.go
(limited to 'app/ratelimit_test.go')
diff --git a/app/ratelimit_test.go b/app/ratelimit_test.go
new file mode 100644
index 000000000..ddaa25710
--- /dev/null
+++ b/app/ratelimit_test.go
@@ -0,0 +1,67 @@
+// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "strconv"
+ "testing"
+
+ "github.com/mattermost/mattermost-server/model"
+ "github.com/stretchr/testify/require"
+)
+
+func genRateLimitSettings(useAuth, useIP bool, header string) *model.RateLimitSettings {
+ return &model.RateLimitSettings{
+ Enable: model.NewBool(true),
+ PerSec: model.NewInt(10),
+ MaxBurst: model.NewInt(100),
+ MemoryStoreSize: model.NewInt(10000),
+ VaryByRemoteAddr: model.NewBool(useIP),
+ VaryByUser: model.NewBool(useAuth),
+ VaryByHeader: header,
+ }
+}
+
+func TestGenerateKey(t *testing.T) {
+ cases := []struct {
+ useAuth bool
+ useIP bool
+ header string
+ authTokenResult string
+ ipResult string
+ headerResult string
+ expectedKey string
+ }{
+ {false, false, "", "", "", "", ""},
+ {true, false, "", "resultkey", "notme", "notme", "resultkey"},
+ {false, true, "", "notme", "resultkey", "notme", "resultkey"},
+ {false, false, "myheader", "notme", "notme", "resultkey", "resultkey"},
+ {true, true, "", "resultkey", "ipaddr", "notme", "resultkey"},
+ {true, true, "", "", "ipaddr", "notme", "ipaddr"},
+ {true, true, "myheader", "resultkey", "ipaddr", "hadd", "resultkeyhadd"},
+ {true, true, "myheader", "", "ipaddr", "hadd", "ipaddrhadd"},
+ }
+
+ for testnum, tc := range cases {
+ req := httptest.NewRequest("GET", "/", nil)
+ if tc.authTokenResult != "" {
+ req.AddCookie(&http.Cookie{
+ Name: model.SESSION_COOKIE_TOKEN,
+ Value: tc.authTokenResult,
+ })
+ }
+ req.RemoteAddr = tc.ipResult + ":80"
+ if tc.headerResult != "" {
+ req.Header.Set(tc.header, tc.headerResult)
+ }
+
+ rateLimiter := NewRateLimiter(genRateLimitSettings(tc.useAuth, tc.useIP, tc.header))
+
+ key := rateLimiter.GenerateKey(req)
+
+ require.Equal(t, tc.expectedKey, key, "Wrong key on test "+strconv.Itoa(testnum))
+ }
+}
--
cgit v1.2.3-1-g7c22
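Review bot: The `useAuth` rows of `TestGenerateKey` place an arbitrary string in the `model.SESSION_COOKIE_TOKEN` cookie and expect it back verbatim as the key, so the table pins a limiter bucket chosen by an unvalidated, client-supplied value. `GenerateKey` itself is not in this diff, but if it performs no session lookup, a request with a fresh cookie value gets a fresh bucket and `VaryByUser` loosens the limit instead of tightening it. The intended contract should be stated above the table, e.g. `// Tokens are not validated here; an unknown token still becomes the key.`, or a row should expect the `ipResult` fallback for a token with no session behind it. The `resultkeyhadd` and `ipaddrhadd` rows also pin concatenation without a separator, which lets different (token, header) pairs produce the same key; a delimiter in the expected value would rule that out.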
From 034dbc07e3068c482e654b6a1a8fcbe4b01c44f3 Mon Sep 17 00:00:00 2001
From: Pierre de La Morinerie
Date: Tue, 6 Feb 2018 10:57:34 +0530
Subject: handle RateLimiter initialization errors (#8199)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously, an error occuring in NewRateLimiter would return a nil reference – which would be de-referenced just after, making the server crash.
---
app/ratelimit_test.go | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'app/ratelimit_test.go')
diff --git a/app/ratelimit_test.go b/app/ratelimit_test.go
index ddaa25710..fb157b2b0 100644
--- a/app/ratelimit_test.go
+++ b/app/ratelimit_test.go
@@ -25,6 +25,21 @@ func genRateLimitSettings(useAuth, useIP bool, header string) *model.RateLimitSe
 }
 }
 
+func TestNewRateLimiterSuccess(t *testing.T) {
+ settings := genRateLimitSettings(false, false, "")
+ rateLimiter, err := NewRateLimiter(settings)
+ require.NotNil(t, rateLimiter)
+ require.NoError(t, err)
+}
+
+func TestNewRateLimiterFailure(t *testing.T) {
+ invalidSettings := genRateLimitSettings(false, false, "")
+ invalidSettings.MaxBurst = model.NewInt(-100)
+ rateLimiter, err := NewRateLimiter(invalidSettings)
+ require.Nil(t, rateLimiter)
+ require.Error(t, err)
+}
+
 func TestGenerateKey(t *testing.T) {
 cases := []struct {
 useAuth bool
@@ -58,7 +73,7 @@ func TestGenerateKey(t *testing.T) {
 req.Header.Set(tc.header, tc.headerResult)
 }
 
- rateLimiter := NewRateLimiter(genRateLimitSettings(tc.useAuth, tc.useIP, tc.header))
+ rateLimiter, _ := NewRateLimiter(genRateLimitSettings(tc.useAuth, tc.useIP, tc.header))
 
 key := rateLimiter.GenerateKey(req)
 
--
cgit v1.2.3-1-g7c22
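Review bot: In `TestNewRateLimiterSuccess`, `require.NotNil(t, rateLimiter)` runs before `require.NoError(t, err)`, so a construction failure is reported as a nil value and the error text is never printed. Asserting in the other order, `require.NoError(t, err)` then `require.NotNil(t, rateLimiter)`, surfaces the reason. `TestNewRateLimiterFailure` covers only a negative `MaxBurst`; whether other invalid settings are rejected cannot be seen from this hunk and may deserve a row of their own. A short comment on each test, such as `// NewRateLimiter must return (nil, err) on invalid settings so callers can refuse to start.`, would record the contract the server now depends on.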
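Review bot: The updated call in `TestGenerateKey` discards the constructor error with `rateLimiter, _ := NewRateLimiter(...)`, so if these settings are ever rejected the following `rateLimiter.GenerateKey(req)` runs on a nil limiter and the test would most likely panic rather than fail with a reason. That is the same unchecked-nil pattern this commit removes from the server. Keep the error and assert on it: `rateLimiter, err := NewRateLimiter(genRateLimitSettings(tc.useAuth, tc.useIP, tc.header))` followed by `require.NoError(t, err)`. The body of `TestGenerateKey` begins and ends outside this hunk.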