2fas-server/tests/mobile/mobile_security_test.go

package tests
import (
"net/http"
"testing"
"github.com/google/uuid"
"github.com/stretchr/testify/require"
"github.com/twofas/2fas-server/tests"
"golang.org/x/sync/errgroup"
)
// Test_MobileApiBandwidthAbuse fires a burst of GET requests at the browser
// extensions endpoint of a freshly generated device UUID and checks that the
// API switches from 404 Not Found to 429 Too Many Requests once the default
// rate limit is used up.
//
// NOTE(review): the expected split assumes the limiter's budget for this client
// is untouched when the test starts. How the limiter is keyed is not visible
// here, so confirm that other tests, or a re-run within the same minute, cannot
// skew the counts.
func Test_MobileApiBandwidthAbuse(t *testing.T) {
	const (
		totalRequests = 130
		maxInFlight   = 20

		// Default rate limit is 100 per minute, so out of 130 requests we
		// expect around 100 to get past the limiter (answered with 404) and
		// around 30 to be rejected with 429.
		expectedPassed    = 100
		expectedThrottled = 30
		tolerance         = 2.0
	)

	path := "/mobile/devices/" + uuid.New().String() + "/browser_extensions"

	// Buffered to hold every result, so workers never block on send and the
	// channel can be drained after all of them have finished.
	statuses := make(chan int, totalRequests)

	var workers errgroup.Group
	workers.SetLimit(maxInFlight)

	// NOTE(review): t is handed to DoAPIGet from worker goroutines; if that
	// helper can call t.FailNow (directly or through require), it would do so
	// off the test goroutine. Confirm against the helper.
	fire := func() error {
		resp := tests.DoAPIGet(t, path, nil)
		statuses <- resp.StatusCode
		return nil
	}
	for sent := 0; sent < totalRequests; sent++ {
		workers.Go(fire)
	}
	require.NoError(t, workers.Wait())
	close(statuses)

	var passed, throttled int
	for status := range statuses {
		if status == http.StatusNotFound {
			passed++
			continue
		}
		if status == http.StatusTooManyRequests {
			throttled++
			continue
		}
		// Any other status means the endpoint did something this test does
		// not account for; stop at the first one.
		t.Fatalf("Unexpected code: %v", status)
	}

	require.InDelta(t, expectedPassed, passed, tolerance)
	require.InDelta(t, expectedThrottled, throttled, tolerance)
}
// Test_BrowserExtensionApiBandwidthAbuse fires a burst of GET requests at the
// browser extension endpoint for a freshly generated UUID and checks that the
// API switches from 404 Not Found to 429 Too Many Requests once the default
// rate limit is used up.
//
// NOTE(review): the expected split assumes the limiter's budget for this client
// is untouched when the test starts. How the limiter is keyed is not visible
// here, so confirm that other tests, or a re-run within the same minute, cannot
// skew the counts.
func Test_BrowserExtensionApiBandwidthAbuse(t *testing.T) {
	const (
		totalRequests = 130
		maxInFlight   = 20

		// Default rate limit is 100 per minute, so out of 130 requests we
		// expect around 100 to get past the limiter (answered with 404) and
		// around 30 to be rejected with 429.
		expectedPassed    = 100
		expectedThrottled = 30
		tolerance         = 2.0
	)

	path := "/browser_extensions/" + uuid.New().String()

	// Buffered to hold every result, so workers never block on send and the
	// channel can be drained after all of them have finished.
	statuses := make(chan int, totalRequests)

	var workers errgroup.Group
	workers.SetLimit(maxInFlight)

	// NOTE(review): t is handed to DoAPIGet from worker goroutines; if that
	// helper can call t.FailNow (directly or through require), it would do so
	// off the test goroutine. Confirm against the helper.
	fire := func() error {
		resp := tests.DoAPIGet(t, path, nil)
		statuses <- resp.StatusCode
		return nil
	}
	for sent := 0; sent < totalRequests; sent++ {
		workers.Go(fire)
	}
	require.NoError(t, workers.Wait())
	close(statuses)

	var passed, throttled int
	for status := range statuses {
		if status == http.StatusNotFound {
			passed++
			continue
		}
		if status == http.StatusTooManyRequests {
			throttled++
			continue
		}
		// Any other status means the endpoint did something this test does
		// not account for; stop at the first one.
		t.Fatalf("Unexpected code: %v", status)
	}

	require.InDelta(t, expectedPassed, passed, tolerance)
	require.InDelta(t, expectedThrottled, throttled, tolerance)
}