Mercurial > public > sg101

view antispam/tests/rate_limit_tests.py @ 631:f36d1a168be7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
For issue 27, disable login dialog button during POST. This seems to prevent multiple logins most of the time. You can still bang on the enter key and sometimes get more through.
author Brian Neal <bgneal@gmail.com>
date Wed, 14 Nov 2012 20:57:05 -0600
parents ee87ea74d46b
children
line wrap: on
line source
"""
Tests for the rate limiting function in the antispam application.

"""
from django.test import TestCase
from django.core.urlresolvers import reverse

from antispam.rate_limit import _make_key
from core.services import get_redis_connection


class RateLimitTestCase(TestCase):
    KEY = _make_key('127.0.0.1')

    def setUp(self):
        self.conn = get_redis_connection()
        self.conn.delete(self.KEY)

    def tearDown(self):
        self.conn.delete(self.KEY)

    def testRegistrationLockout(self):

        for i in range(1, 11):
            response = self.client.post(
                    reverse('accounts-register'),
                    {},
                    follow=True)

            if i < 10:
                self.assertEqual(response.status_code, 200)
                self.assertTemplateUsed(response, 'accounts/register.html')
            elif i >= 10:
                self.assertEqual(response.status_code, 403)
                self.assertTemplateUsed(response, 'antispam/blocked.html')

    def testLoginLockout(self):

        for i in range(1, 11):
            response = self.client.post(
                    reverse('accounts-login'),
                    {},
                    follow=True)

            if i < 10:
                self.assertEqual(response.status_code, 200)
                self.assertTemplateUsed(response, 'accounts/login.html')
            elif i >= 10:
                self.assertEqual(response.status_code, 403)
                self.assertTemplateUsed(response, 'antispam/blocked.html')

    def testHoneypotLockout(self):

        response = self.client.post(
                reverse('accounts-register'), {
                    'username': u'test_user',
                    'email': u'test_user@example.com',
                    'password1': u'password',
                    'password2': u'password',
                    'agree_age': u'on',
                    'agree_tos': u'on',
                    'agree_privacy': u'on',
                    'question1': u'101',
                    'question2': u'DsjkdE$',
                },
                follow=True)

        val = self.conn.get(self.KEY)
        self.assertEqual(val, '1000001')

        response = self.client.post(
                reverse('accounts-login'),
                {},
                follow=True)

        self.assertEqual(response.status_code, 403)
        self.assertTemplateUsed(response, 'antispam/blocked.html')