disable and fix errors in test_rest_login_rate_limit

rouilj · rouilj · commit 2159046bd15c · 2023-02-21T18:07:37.000-05:00
The test is testing functionality that doesn't yet exist.
So disable for now.

Also with tightening of origin checks in rev: 72a54826ff4f add origin
header to options requests.
diff --git a/test/test_liveserver.py b/test/test_liveserver.py
@@ -616,18 +616,26 @@ def test_rest_endpoint_attribute_options(self):
 
         self.assertEqual(f.status_code, 404)
 
-    def test_rest_login_rate_limit(self):
+    def DISABLEtest_rest_login_rate_limit(self):
         """login rate limit applies to api endpoints. Only failure
             logins count though. So log in 10 times in a row
             to verify that valid username/passwords aren't limited.
+     
+            FIXME: client.py does not implement this. Also need a live
+            server instance that has
+
+               cls.db.config.WEB_LOGIN_ATTEMPTS_MIN = 4
+
+            not 0.
         """
 
         for i in range(10):
             # use basic auth for rest endpoint
         
             f = requests.options(self.url_base() + '/rest/data',
                                  auth=('admin', 'sekrit'),
-                                 headers = {'content-type': ""}
+                                 headers = {'content-type': "",
+                                            'Origin': "http://localhost:9001",}
             )
             print(f.status_code)
             print(f.headers)
@@ -645,13 +653,17 @@ def test_rest_login_rate_limit(self):
         
             f = requests.options(self.url_base() + '/rest/data',
                                  auth=('admin', 'ekrit'),
-                                 headers = {'content-type': ""}
+                                 headers = {'content-type': "",
+                                            'Origin': "http://localhost:9001",}
             )
             print(i, f.status_code)
             print(f.headers)
             print(f.text)
 
-            self.assertEqual(f.status_code, 401)
+            if (i < 3): # assuming limit is 4.
+                self.assertEqual(f.status_code, 401)
+            else:
+                self.assertEqual(f.status_code, 429)
 
     def test_ims(self):
         ''' retreive the user_utils.js file with old and new
