Tests related to brute force attack prevention. #2245
Bwc tests are broken on main. Tracking issue here: #2221
3585cb3 to a9cec7b
Signed-off-by: Lukasz Soszynski <lukasz.soszynski@eliatra.com>
a9cec7b to 3f4a665
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #2245 +/- ##
============================================
+ Coverage 61.02% 61.16% +0.13%
- Complexity 3267 3274 +7
============================================
Files 259 259
Lines 18337 18337
Branches 3248 3248
============================================
+ Hits 11191 11216 +25
+ Misses 5561 5536 -25
Partials 1585 1585
|
|
|
||
| HttpResponse response = client.getAuthInfo(); | ||
|
|
||
| response.assertStatusCode(SC_UNAUTHORIZED); |
Out of curiosity, how do you test that an IP is blocked after multiple failed logins? I mean, that end user will still see UNAUTHORIZED error but on server side how do we know that the IP is blocked?
I added an explicit check of logs in the commit c95fbdb
| hcb.setConnectionManager(cm); | ||
| if(routePlanner != null) { | ||
| hcb.setRoutePlanner(routePlanner); | ||
| } |
Out of curiosity, why do we need routePlanner? I see it being used in TestRestClient, but couldn't understand the purpose completely.
In order to set the request source IP address, this is done by org.opensearch.test.framework.cluster.LocalAddressRoutePlanner which implements HttpRoutePlanner.
The Apache HTTP Client in version 4 contained a convenient method to set the request source IP address: RequestConfig.custom().setLocalAddress(inetAddress).build();. But the method was removed in version 5 of Apache HTTP Client.
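The approach described in the reply above, as an added sketch that is not the PR's LocalAddressRoutePlanner or any code from the project: an Apache HttpClient 5 route planner that binds each connection to a chosen local address, so a per-IP lockout test can act as several distinct clients from one host. The class names FixedSourceRoutePlanner and SourceAddressDemo and the 127.0.0.x addresses are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.util.Objects;

import org.apache.hc.client5.http.impl.DefaultSchemePortResolver;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.protocol.HttpContext;

/** Hypothetical planner: every route it computes uses one fixed local (source) address. */
final class FixedSourceRoutePlanner extends DefaultRoutePlanner {
    private final InetAddress source;

    FixedSourceRoutePlanner(InetAddress source) {
        super(DefaultSchemePortResolver.INSTANCE);
        this.source = Objects.requireNonNull(source, "source address");
    }

    // DefaultRoutePlanner returns null here (let the OS choose); returning an
    // address makes the client bind its socket to it before connecting.
    @Override
    protected InetAddress determineLocalAddress(HttpHost firstHop, HttpContext context) {
        return source;
    }
}

public final class SourceAddressDemo {
    /** Builds a client whose requests originate from the given local address. */
    static CloseableHttpClient clientFrom(String localAddress) throws Exception {
        InetAddress source = InetAddress.getByName(localAddress);
        return HttpClients.custom()
            .setRoutePlanner(new FixedSourceRoutePlanner(source))
            .build();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the whole 127.0.0.0/8 range is bindable, as on Linux by default.
        // One client plays the source that exhausts its allowed tries, the other is a
        // control that must still be served after the first one is blocked.
        try (CloseableHttpClient offender = clientFrom("127.0.0.17");
             CloseableHttpClient control = clientFrom("127.0.0.18")) {
            System.out.println("clients bound to separate source addresses");
        }
    }
}
```

A lockout test that uses only one source address cannot tell a per-IP block from a global failure, which is why the control client matters.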
…ventionTests extended to verify unauthorized response reason. Signed-off-by: Lukasz Soszynski <lukasz.soszynski@eliatra.com>
| } | ||
|
|
||
| @Test | ||
| public void shouldBlockIpWhenFailureAuthenticationCountIsGraterThanAllowedTries() { |
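Review bot: The test name shouldBlockIpWhenFailureAuthenticationCountIsGraterThanAllowedTries misspells "Greater" as "Grater". Since test names appear in reports and are searched for when a lockout regression is triaged, rename it to shouldBlockIpWhenFailureAuthenticationCountIsGreaterThanAllowedTries before merging.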
| } | ||
|
|
||
| @Test | ||
| public void shouldBlockUserWhenNumberOfFailureLoginAttemptIsGraterThanLimit() { |
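Review bot: The name shouldBlockUserWhenNumberOfFailureLoginAttemptIsGraterThanLimit carries the same "Grater" typo and uses different wording for the threshold ("Limit") than the IP-based test ("AllowedTries"). Picking one term for both names would make it clear that the two tests exercise the same kind of threshold, for example shouldBlockUserWhenNumberOfFailureLoginAttemptIsGreaterThanAllowedTries.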
Signed-off-by: Lukasz Soszynski lukasz.soszynski@eliatra.com
Description
Test related to brute-force attack prevention and a minor correction for TlsTests.
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.