routes: skip rate limiting for trusted certificate holders

Username
2026-02-18 08:42:25 +01:00
parent 283f87b9c4
commit c69290af2d
3 changed files with 102 additions and 87 deletions


@@ -92,44 +92,37 @@ class TestRateLimiting:
finally:
app.config["RATE_LIMIT_MAX"] = original_max
def test_rate_limit_auth_multiplier(self, client, app, auth_header):
"""Authenticated users get higher rate limits."""
def test_trusted_cert_exempt_from_rate_limit(self, client, app, auth_header):
"""Trusted certificate holders are exempt from rate limiting."""
original_max = app.config["RATE_LIMIT_MAX"]
original_mult = app.config["RATE_LIMIT_AUTH_MULTIPLIER"]
app.config["RATE_LIMIT_MAX"] = 2
app.config["RATE_LIMIT_AUTH_MULTIPLIER"] = 3 # 2 * 3 = 6 for auth users
try:
# Authenticated user can make more requests than base limit
# Trusted client can exceed the base limit without being blocked
for i in range(5):
response = client.post(
"/",
data=f"auth {i}",
data=f"trusted {i}",
content_type="text/plain",
headers=auth_header,
)
assert response.status_code == 201
# 6th request should succeed (limit is 2*3=6)
# Anonymous user hits the limit
for i in range(2):
client.post(
"/",
data=f"anon {i}",
content_type="text/plain",
)
response = client.post(
"/",
data="auth 6",
data="anon overflow",
content_type="text/plain",
headers=auth_header,
)
assert response.status_code == 201
# 7th should fail
response = client.post(
"/",
data="auth 7",
content_type="text/plain",
headers=auth_header,
)
assert response.status_code == 429
finally:
app.config["RATE_LIMIT_MAX"] = original_max
app.config["RATE_LIMIT_AUTH_MULTIPLIER"] = original_mult
def test_rate_limit_can_be_disabled(self, client, app):
"""Rate limiting can be disabled via config."""