Remove short_term_phone_otp_rate_limiter_enabled configuration key#10432
changelog: Internal, Configuration, Remove short_term_phone_otp_rate_limiter_enabled configuration key
| secret_key_base: test_secret_key_base | ||
| session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120 | ||
| short_term_phone_otp_rate_limiter_enabled: false | ||
| short_term_phone_otp_max_attempts: 100 |
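Review bot: Dropping `short_term_phone_otp_rate_limiter_enabled: false` from this configuration turns the short-term phone OTP limiter on for the whole test suite, so the `short_term_phone_otp_max_attempts: 100` line directly below becomes the only thing standing between a spec and a rate-limit failure; before merging, confirm that throttle state is actually cleared between examples and that no single spec sends more than 100 OTPs, or call out that dependency in the changelog entry. Separately, the `session_encryption_key` literal in the surrounding context is committed to the repository; that is fine only because the `secret_key_base: test_secret_key_base` value beside it marks this as the test configuration, so make sure no non-test environment inherits this file.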
Maybe we should have something which resets all rate limits between tests? Unclear if that would actually help for the reason this was added.
That, and/or use a fake phone generator in the phone factory setup.
I think some of them were sending too many SMS within the same test. ex:
identity-idp/spec/features/openid_connect/openid_connect_spec.rb
Lines 33 to 38 in 333c22c
Hm, fair enough. Seems like we may want to revisit those at some point to make them more realistic to what we'd expect in the real-world.
I started poking at my previous idea of resetting the rate limiter, though I don't love the idea here of multiple calls to Redis between each test:
```ruby
# spec/support/rate_limiter.rb
RSpec.configure do |config|
  config.before(:each) do
    REDIS_THROTTLE_POOL.with do |client|
      # KEYS walks the entire keyspace; acceptable against a test database, not in production.
      keys = client.call [:keys, 'throttle:*']
      # A bare DEL with no key arguments is a Redis protocol error, so skip it when nothing matched.
      client.call [:del, *keys] unless keys.empty?
    end
  end
end
```
Do we need the `.call`? I think we can:
```ruby
RSpec.configure do |config|
  config.before(:each) do
    REDIS_THROTTLE_POOL.with do |client|
      keys = client.keys('throttle:*')
      # Skip DEL when nothing matched; depending on the redis-rb version, DEL with
      # no keys is either a silent no-op or a server error.
      client.del(*keys) unless keys.empty?
    end
  end
end
```
Stumbling my way through the solution led me to this issue, which seemed to imply that call is a bit safer when deleting many keys. Though I doubt we have so many matches that it'd become an issue.
Haven't confirmed that it does or doesn't work, but I think we intend to reset the rate limit pool between tests:
identity-idp/spec/rails_helper.rb
Line 112 in 333c22c
Ah, that would (likely) work too! As you mentioned, it's probably more to do with limits within a single test being exceeded.
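The between-test reset the thread above goes back and forth on, written out as an added example (it is not code from identity-idp or from either commenter). It makes two changes a practitioner would want over the `KEYS` + `DEL` sketches: it iterates with `SCAN` so the server never blocks on a full keyspace walk, and it never issues `DEL` when the pattern matched nothing. `reset_rate_limiter_keys` is duck-typed against the two redis-rb calls `Redis#scan` and `Redis#del`; the `FakeRedis` class is a constructed in-memory stand-in so the example runs without a Redis server, and the `throttle:*` pattern and `REDIS_THROTTLE_POOL` name are taken from the discussion, not verified against the project.

```ruby
# Added example: clear every rate-limiter key before each spec, using SCAN
# rather than KEYS and skipping DEL entirely when nothing matched.
# Works against a redis-rb client (Redis#scan / Redis#del) or the stand-in below.
# The 'throttle:*' prefix is an assumption carried over from the review thread.
def reset_rate_limiter_keys(client, pattern: 'throttle:*', batch: 100)
  deleted = 0
  cursor = '0'
  loop do
    cursor, keys = client.scan(cursor, match: pattern, count: batch)
    # A DEL with no arguments is an error on the server, so only send it with keys.
    deleted += client.del(*keys) unless keys.empty?
    break if cursor == '0' # SCAN reports completion with cursor "0"
  end
  deleted
end

# Constructed in-memory stand-in for the two redis-rb calls used above, so the
# example runs offline. Not a real Redis client.
class FakeRedis
  def initialize
    @store = {}
    @order = [] # every key ever written; keeps cursors stable while keys are deleted mid-scan
  end

  def set(key, value)
    @order << key unless @store.key?(key)
    @store[key] = value
  end

  def exists?(key)
    @store.key?(key)
  end

  def dbsize
    @store.size
  end

  # SCAN semantics: returns [next_cursor, keys]; a next_cursor of "0" ends the iteration.
  # Like real SCAN, a call may return fewer than `count` keys.
  def scan(cursor, match: '*', count: 10)
    start = cursor.to_i
    window = @order[start, count] || []
    keys = window.select { |k| @store.key?(k) && File.fnmatch(match, k) }
    next_cursor = start + count >= @order.size ? '0' : (start + count).to_s
    [next_cursor, keys]
  end

  # DEL semantics: returns how many of the given keys actually existed.
  def del(*keys)
    keys.count { |k| !@store.delete(k).nil? }
  end
end

# Wiring for a spec suite (pool name as used in the thread, assumed here):
#
#   RSpec.configure do |config|
#     config.before(:each) do
#       REDIS_THROTTLE_POOL.with { |client| reset_rate_limiter_keys(client) }
#     end
#   end

if $PROGRAM_NAME == __FILE__
  fake = FakeRedis.new
  fake.set('session:keep-me', 'x')
  250.times { |i| fake.set("throttle:phone:#{i}", 1) }
  removed = reset_rate_limiter_keys(fake, batch: 100)
  puts "deleted #{removed} throttle keys, #{fake.dbsize} key(s) left"
end
```

Deleting keys while a `SCAN` is in progress is safe with real Redis, which guarantees that any key present for the whole iteration is returned; the stand-in preserves that property by keeping its cursor over a list that deletions never shrink. This does not address the other point raised in the thread, a single spec exceeding `short_term_phone_otp_max_attempts` on its own, which no between-test reset can fix.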
🛠 Summary of changes
Related to #10360. This has been tested and can be enabled everywhere.