wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/build/integration/features/ratelimiting.feature
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations 
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00

58 lines
2.8 KiB
Gherkin
Raw Blame History

Feature: ratelimiting
Background:
Given user "user0" exists
Given As an "admin"
Given app "testing" is enabled
Scenario: Accessing a page with only an AnonRateThrottle as user
Given user "user0" exists
# First request should work
When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
# Second one should fail
When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth
Then the HTTP status code should be "429"
# After 11 seconds the next request should work
And Sleep for "11" seconds
When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
Scenario: Accessing a page with only an AnonRateThrottle as guest
Given Sleep for "11" seconds
# First request should work
When requesting "/index.php/apps/testing/anonProtected" with "GET"
Then the HTTP status code should be "200"
# Second one should fail
When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth
Then the HTTP status code should be "429"
# After 11 seconds the next request should work
And Sleep for "11" seconds
When requesting "/index.php/apps/testing/anonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
Scenario: Accessing a page with UserRateThrottle and AnonRateThrottle
# First request should work as guest
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET"
Then the HTTP status code should be "200"
# Second request should fail as guest
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET"
Then the HTTP status code should be "429"
# First request should work as user
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
# Second request should work as user
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
# Third request should work as user
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
# Fourth request should work as user
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
# Fifth request should work as user
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET" using basic auth
Then the HTTP status code should be "200"
# Sixth request should fail as user
When requesting "/index.php/apps/testing/userAndAnonProtected" with "GET"
Then the HTTP status code should be "429"
Reference in a new issue View git blame Copy permalink