fix: address security review findings
This commit is contained in:
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once PLUGIN_ROOT . '/exec/lib/RateLimiter.php';
|
||||
|
||||
test('rate limiter enforces limit across sequential requests', function (): void {
|
||||
$limiter = new RateLimiter(TEST_TMP . '/rate-limit');
|
||||
|
||||
$limiter->assertAllowed('user-mxtest', 2, 60);
|
||||
$limiter->assertAllowed('user-mxtest', 2, 60);
|
||||
|
||||
try {
|
||||
$limiter->assertAllowed('user-mxtest', 2, 60);
|
||||
throw new RuntimeException('Expected third request to be rate limited');
|
||||
} catch (RuntimeException $e) {
|
||||
assert_contains('rate limit', strtolower($e->getMessage()));
|
||||
}
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user