nextcloud /
server
@@ -19,116 +19,116 @@ |
||
| 19 | 19 | |
| 20 | 20 | class LimiterTest extends TestCase { |
| 21 | 21 | |
| 22 | - private IBackend&MockObject $backend; |
|
| 23 | - private ILimiter $limiter; |
|
| 24 | - private LoggerInterface $logger; |
|
| 25 | - |
|
| 26 | - protected function setUp(): void { |
|
| 27 | - parent::setUp(); |
|
| 28 | - |
|
| 29 | - $this->backend = $this->createMock(IBackend::class); |
|
| 30 | - $this->logger = $this->createMock(LoggerInterface::class); |
|
| 31 | - |
|
| 32 | - $this->limiter = new Limiter( |
|
| 33 | - $this->backend, |
|
| 34 | - $this->logger, |
|
| 35 | - ); |
|
| 36 | - } |
|
| 37 | - |
|
| 38 | - |
|
| 39 | - public function testRegisterAnonRequestExceeded(): void { |
|
| 40 | - $this->expectException(\OC\Security\RateLimiting\Exception\RateLimitExceededException::class); |
|
| 41 | - $this->expectExceptionMessage('Rate limit exceeded'); |
|
| 42 | - |
|
| 43 | - $this->backend |
|
| 44 | - ->expects($this->once()) |
|
| 45 | - ->method('getAttempts') |
|
| 46 | - ->with( |
|
| 47 | - 'MyIdentifier', |
|
| 48 | - '4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47' |
|
| 49 | - ) |
|
| 50 | - ->willReturn(101); |
|
| 51 | - $this->logger->expects($this->once()) |
|
| 52 | - ->method('info'); |
|
| 53 | - |
|
| 54 | - $this->limiter->registerAnonRequest('MyIdentifier', 100, 100, '127.0.0.1'); |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - public function testRegisterAnonRequestSuccess(): void { |
|
| 58 | - $this->backend |
|
| 59 | - ->expects($this->once()) |
|
| 60 | - ->method('getAttempts') |
|
| 61 | - ->with( |
|
| 62 | - 'MyIdentifier', |
|
| 63 | - '4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47' |
|
| 64 | - ) |
|
| 65 | - ->willReturn(99); |
|
| 66 | - $this->backend |
|
| 67 | - ->expects($this->once()) |
|
| 68 | - ->method('registerAttempt') |
|
| 69 | - ->with( |
|
| 70 | - 'MyIdentifier', |
|
| 71 | - '4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47', |
|
| 72 | - 100 |
|
| 73 | - ); |
|
| 74 | - $this->logger->expects($this->never()) |
|
| 75 | - ->method('info'); |
|
| 76 | - |
|
| 77 | - $this->limiter->registerAnonRequest('MyIdentifier', 100, 100, '127.0.0.1'); |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - |
|
| 81 | - public function testRegisterUserRequestExceeded(): void { |
|
| 82 | - $this->expectException(\OC\Security\RateLimiting\Exception\RateLimitExceededException::class); |
|
| 83 | - $this->expectExceptionMessage('Rate limit exceeded'); |
|
| 84 | - |
|
| 85 | - /** @var IUser|\PHPUnit\Framework\MockObject\MockObject $user */ |
|
| 86 | - $user = $this->createMock(IUser::class); |
|
| 87 | - $user |
|
| 88 | - ->expects($this->once()) |
|
| 89 | - ->method('getUID') |
|
| 90 | - ->willReturn('MyUid'); |
|
| 91 | - $this->backend |
|
| 92 | - ->expects($this->once()) |
|
| 93 | - ->method('getAttempts') |
|
| 94 | - ->with( |
|
| 95 | - 'MyIdentifier', |
|
| 96 | - 'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805' |
|
| 97 | - ) |
|
| 98 | - ->willReturn(101); |
|
| 99 | - $this->logger->expects($this->once()) |
|
| 100 | - ->method('info'); |
|
| 101 | - |
|
| 102 | - $this->limiter->registerUserRequest('MyIdentifier', 100, 100, $user); |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - public function testRegisterUserRequestSuccess(): void { |
|
| 106 | - /** @var IUser|\PHPUnit\Framework\MockObject\MockObject $user */ |
|
| 107 | - $user = $this->createMock(IUser::class); |
|
| 108 | - $user |
|
| 109 | - ->expects($this->once()) |
|
| 110 | - ->method('getUID') |
|
| 111 | - ->willReturn('MyUid'); |
|
| 112 | - |
|
| 113 | - $this->backend |
|
| 114 | - ->expects($this->once()) |
|
| 115 | - ->method('getAttempts') |
|
| 116 | - ->with( |
|
| 117 | - 'MyIdentifier', |
|
| 118 | - 'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805' |
|
| 119 | - ) |
|
| 120 | - ->willReturn(99); |
|
| 121 | - $this->backend |
|
| 122 | - ->expects($this->once()) |
|
| 123 | - ->method('registerAttempt') |
|
| 124 | - ->with( |
|
| 125 | - 'MyIdentifier', |
|
| 126 | - 'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805', |
|
| 127 | - 100 |
|
| 128 | - ); |
|
| 129 | - $this->logger->expects($this->never()) |
|
| 130 | - ->method('info'); |
|
| 131 | - |
|
| 132 | - $this->limiter->registerUserRequest('MyIdentifier', 100, 100, $user); |
|
| 133 | - } |
|
| 22 | + private IBackend&MockObject $backend; |
|
| 23 | + private ILimiter $limiter; |
|
| 24 | + private LoggerInterface $logger; |
|
| 25 | + |
|
| 26 | + protected function setUp(): void { |
|
| 27 | + parent::setUp(); |
|
| 28 | + |
|
| 29 | + $this->backend = $this->createMock(IBackend::class); |
|
| 30 | + $this->logger = $this->createMock(LoggerInterface::class); |
|
| 31 | + |
|
| 32 | + $this->limiter = new Limiter( |
|
| 33 | + $this->backend, |
|
| 34 | + $this->logger, |
|
| 35 | + ); |
|
| 36 | + } |
|
| 37 | + |
|
| 38 | + |
|
| 39 | + public function testRegisterAnonRequestExceeded(): void { |
|
| 40 | + $this->expectException(\OC\Security\RateLimiting\Exception\RateLimitExceededException::class); |
|
| 41 | + $this->expectExceptionMessage('Rate limit exceeded'); |
|
| 42 | + |
|
| 43 | + $this->backend |
|
| 44 | + ->expects($this->once()) |
|
| 45 | + ->method('getAttempts') |
|
| 46 | + ->with( |
|
| 47 | + 'MyIdentifier', |
|
| 48 | + '4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47' |
|
| 49 | + ) |
|
| 50 | + ->willReturn(101); |
|
| 51 | + $this->logger->expects($this->once()) |
|
| 52 | + ->method('info'); |
|
| 53 | + |
|
| 54 | + $this->limiter->registerAnonRequest('MyIdentifier', 100, 100, '127.0.0.1'); |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + public function testRegisterAnonRequestSuccess(): void { |
|
| 58 | + $this->backend |
|
| 59 | + ->expects($this->once()) |
|
| 60 | + ->method('getAttempts') |
|
| 61 | + ->with( |
|
| 62 | + 'MyIdentifier', |
|
| 63 | + '4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47' |
|
| 64 | + ) |
|
| 65 | + ->willReturn(99); |
|
| 66 | + $this->backend |
|
| 67 | + ->expects($this->once()) |
|
| 68 | + ->method('registerAttempt') |
|
| 69 | + ->with( |
|
| 70 | + 'MyIdentifier', |
|
| 71 | + '4664f0d9c88dcb7552be47b37bb52ce35977b2e60e1ac13757cf625f31f87050a41f3da064887fa87d49fd042e4c8eb20de8f10464877d3959677ab011b73a47', |
|
| 72 | + 100 |
|
| 73 | + ); |
|
| 74 | + $this->logger->expects($this->never()) |
|
| 75 | + ->method('info'); |
|
| 76 | + |
|
| 77 | + $this->limiter->registerAnonRequest('MyIdentifier', 100, 100, '127.0.0.1'); |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + |
|
| 81 | + public function testRegisterUserRequestExceeded(): void { |
|
| 82 | + $this->expectException(\OC\Security\RateLimiting\Exception\RateLimitExceededException::class); |
|
| 83 | + $this->expectExceptionMessage('Rate limit exceeded'); |
|
| 84 | + |
|
| 85 | + /** @var IUser|\PHPUnit\Framework\MockObject\MockObject $user */ |
|
| 86 | + $user = $this->createMock(IUser::class); |
|
| 87 | + $user |
|
| 88 | + ->expects($this->once()) |
|
| 89 | + ->method('getUID') |
|
| 90 | + ->willReturn('MyUid'); |
|
| 91 | + $this->backend |
|
| 92 | + ->expects($this->once()) |
|
| 93 | + ->method('getAttempts') |
|
| 94 | + ->with( |
|
| 95 | + 'MyIdentifier', |
|
| 96 | + 'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805' |
|
| 97 | + ) |
|
| 98 | + ->willReturn(101); |
|
| 99 | + $this->logger->expects($this->once()) |
|
| 100 | + ->method('info'); |
|
| 101 | + |
|
| 102 | + $this->limiter->registerUserRequest('MyIdentifier', 100, 100, $user); |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + public function testRegisterUserRequestSuccess(): void { |
|
| 106 | + /** @var IUser|\PHPUnit\Framework\MockObject\MockObject $user */ |
|
| 107 | + $user = $this->createMock(IUser::class); |
|
| 108 | + $user |
|
| 109 | + ->expects($this->once()) |
|
| 110 | + ->method('getUID') |
|
| 111 | + ->willReturn('MyUid'); |
|
| 112 | + |
|
| 113 | + $this->backend |
|
| 114 | + ->expects($this->once()) |
|
| 115 | + ->method('getAttempts') |
|
| 116 | + ->with( |
|
| 117 | + 'MyIdentifier', |
|
| 118 | + 'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805' |
|
| 119 | + ) |
|
| 120 | + ->willReturn(99); |
|
| 121 | + $this->backend |
|
| 122 | + ->expects($this->once()) |
|
| 123 | + ->method('registerAttempt') |
|
| 124 | + ->with( |
|
| 125 | + 'MyIdentifier', |
|
| 126 | + 'ddb2ec50fa973fd49ecf3d816f677c8095143e944ad10485f30fb3dac85c13a346dace4dae2d0a15af91867320957bfd38a43d9eefbb74fe6919e15119b6d805', |
|
| 127 | + 100 |
|
| 128 | + ); |
|
| 129 | + $this->logger->expects($this->never()) |
|
| 130 | + ->method('info'); |
|
| 131 | + |
|
| 132 | + $this->limiter->registerUserRequest('MyIdentifier', 100, 100, $user); |
|
| 133 | + } |
|
| 134 | 134 | } |
@@ -16,66 +16,66 @@ |
||
| 16 | 16 | use Psr\Log\LoggerInterface; |
| 17 | 17 | |
| 18 | 18 | class Limiter implements ILimiter { |
| 19 | - public function __construct( |
|
| 20 | - private IBackend $backend, |
|
| 21 | - private LoggerInterface $logger, |
|
| 22 | - ) { |
|
| 23 | - } |
|
| 19 | + public function __construct( |
|
| 20 | + private IBackend $backend, |
|
| 21 | + private LoggerInterface $logger, |
|
| 22 | + ) { |
|
| 23 | + } |
|
| 24 | 24 | |
| 25 | - /** |
|
| 26 | - * @param int $period in seconds |
|
| 27 | - * @throws RateLimitExceededException |
|
| 28 | - */ |
|
| 29 | - private function register( |
|
| 30 | - string $methodIdentifier, |
|
| 31 | - string $userIdentifier, |
|
| 32 | - int $period, |
|
| 33 | - int $limit, |
|
| 34 | - ): void { |
|
| 35 | - $existingAttempts = $this->backend->getAttempts($methodIdentifier, $userIdentifier); |
|
| 36 | - if ($existingAttempts >= $limit) { |
|
| 37 | - $this->logger->info('Request blocked because it exceeds the rate limit [method: {method}, limit: {limit}, period: {period}]', [ |
|
| 38 | - 'method' => $methodIdentifier, |
|
| 39 | - 'limit' => $limit, |
|
| 40 | - 'period' => $period, |
|
| 41 | - ]); |
|
| 42 | - throw new RateLimitExceededException(); |
|
| 43 | - } |
|
| 25 | + /** |
|
| 26 | + * @param int $period in seconds |
|
| 27 | + * @throws RateLimitExceededException |
|
| 28 | + */ |
|
| 29 | + private function register( |
|
| 30 | + string $methodIdentifier, |
|
| 31 | + string $userIdentifier, |
|
| 32 | + int $period, |
|
| 33 | + int $limit, |
|
| 34 | + ): void { |
|
| 35 | + $existingAttempts = $this->backend->getAttempts($methodIdentifier, $userIdentifier); |
|
| 36 | + if ($existingAttempts >= $limit) { |
|
| 37 | + $this->logger->info('Request blocked because it exceeds the rate limit [method: {method}, limit: {limit}, period: {period}]', [ |
|
| 38 | + 'method' => $methodIdentifier, |
|
| 39 | + 'limit' => $limit, |
|
| 40 | + 'period' => $period, |
|
| 41 | + ]); |
|
| 42 | + throw new RateLimitExceededException(); |
|
| 43 | + } |
|
| 44 | 44 | |
| 45 | - $this->backend->registerAttempt($methodIdentifier, $userIdentifier, $period); |
|
| 46 | - } |
|
| 45 | + $this->backend->registerAttempt($methodIdentifier, $userIdentifier, $period); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * Registers attempt for an anonymous request |
|
| 50 | - * |
|
| 51 | - * @param int $anonPeriod in seconds |
|
| 52 | - * @throws RateLimitExceededException |
|
| 53 | - */ |
|
| 54 | - public function registerAnonRequest( |
|
| 55 | - string $identifier, |
|
| 56 | - int $anonLimit, |
|
| 57 | - int $anonPeriod, |
|
| 58 | - string $ip, |
|
| 59 | - ): void { |
|
| 60 | - $ipSubnet = (new IpAddress($ip))->getSubnet(); |
|
| 48 | + /** |
|
| 49 | + * Registers attempt for an anonymous request |
|
| 50 | + * |
|
| 51 | + * @param int $anonPeriod in seconds |
|
| 52 | + * @throws RateLimitExceededException |
|
| 53 | + */ |
|
| 54 | + public function registerAnonRequest( |
|
| 55 | + string $identifier, |
|
| 56 | + int $anonLimit, |
|
| 57 | + int $anonPeriod, |
|
| 58 | + string $ip, |
|
| 59 | + ): void { |
|
| 60 | + $ipSubnet = (new IpAddress($ip))->getSubnet(); |
|
| 61 | 61 | |
| 62 | - $anonHashIdentifier = hash('sha512', 'anon::' . $identifier . $ipSubnet); |
|
| 63 | - $this->register($identifier, $anonHashIdentifier, $anonPeriod, $anonLimit); |
|
| 64 | - } |
|
| 62 | + $anonHashIdentifier = hash('sha512', 'anon::' . $identifier . $ipSubnet); |
|
| 63 | + $this->register($identifier, $anonHashIdentifier, $anonPeriod, $anonLimit); |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - /** |
|
| 67 | - * Registers attempt for an authenticated request |
|
| 68 | - * |
|
| 69 | - * @param int $userPeriod in seconds |
|
| 70 | - * @throws RateLimitExceededException |
|
| 71 | - */ |
|
| 72 | - public function registerUserRequest( |
|
| 73 | - string $identifier, |
|
| 74 | - int $userLimit, |
|
| 75 | - int $userPeriod, |
|
| 76 | - IUser $user, |
|
| 77 | - ): void { |
|
| 78 | - $userHashIdentifier = hash('sha512', 'user::' . $identifier . $user->getUID()); |
|
| 79 | - $this->register($identifier, $userHashIdentifier, $userPeriod, $userLimit); |
|
| 80 | - } |
|
| 66 | + /** |
|
| 67 | + * Registers attempt for an authenticated request |
|
| 68 | + * |
|
| 69 | + * @param int $userPeriod in seconds |
|
| 70 | + * @throws RateLimitExceededException |
|
| 71 | + */ |
|
| 72 | + public function registerUserRequest( |
|
| 73 | + string $identifier, |
|
| 74 | + int $userLimit, |
|
| 75 | + int $userPeriod, |
|
| 76 | + IUser $user, |
|
| 77 | + ): void { |
|
| 78 | + $userHashIdentifier = hash('sha512', 'user::' . $identifier . $user->getUID()); |
|
| 79 | + $this->register($identifier, $userHashIdentifier, $userPeriod, $userLimit); |
|
| 80 | + } |
|
| 81 | 81 | } |
