Add rate limiting to all EPP actions

test/integration/epp/domain/check/base_test.rb

@@ -1,6 +1,11 @@
 require 'test_helper'
 
 class EppDomainCheckBaseTest < EppTestCase
+  setup do
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
+  end
+
   def test_returns_valid_response
     request_xml = <<-XML
       <?xml version="1.0" encoding="UTF-8" standalone="no"?>
@@ -193,4 +198,56 @@ class EppDomainCheckBaseTest < EppTestCase
     assert_correct_against_schema response_xml
     assert_equal 3, response_xml.xpath('//domain:cd', 'domain' => "#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}").size
   end
+
+  def test_returns_valid_response_if_not_throttled
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <check>
+            <domain:check xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>some.test</domain:name>
+            </domain:check>
+          </check>
+        </command>
+      </epp>
+    XML
+
+    post epp_check_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :completed_successfully
+    assert_correct_against_schema response_xml
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <check>
+            <domain:check xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>some.test</domain:name>
+            </domain:check>
+          </check>
+        </command>
+      </epp>
+    XML
+
+    post epp_check_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    post epp_check_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :session_limit_exceeded_server_closing_connection
+    assert_correct_against_schema response_xml
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end

test/integration/epp/domain/create/base_test.rb

@@ -1,6 +1,10 @@
 require 'test_helper'
 
 class EppDomainCreateBaseTest < EppTestCase
+  setup do
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
+  end
 
   def test_illegal_chars_in_dns_key
     name = "new.#{dns_zones(:one).origin}"
@@ -852,4 +856,85 @@ class EppDomainCreateBaseTest < EppTestCase
     assert_correct_against_schema response_xml
     assert_epp_response :completed_successfully
   end
+
+  def test_returns_valid_response_if_not_throttled
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    disputed_domain = disputes(:active)
+    password = disputed_domain.password
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <create>
+            <domain:create xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>#{disputed_domain.domain_name}</domain:name>
+              <domain:registrant>#{contacts(:john).code}</domain:registrant>
+            </domain:create>
+          </create>
+          <extension>
+            <eis:extdata xmlns:eis="#{Xsd::Schema.filename(for_prefix: 'eis', for_version: '1.0')}">
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+              <eis:reserved>
+                <eis:pw>#{password}</eis:pw>
+              </eis:reserved>
+            </eis:extdata>
+          </extension>
+        </command>
+      </epp>
+    XML
+
+    post epp_create_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :completed_successfully
+    assert_correct_against_schema response_xml
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    disputed_domain = disputes(:active)
+    password = disputed_domain.password
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <create>
+            <domain:create xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>#{disputed_domain.domain_name}</domain:name>
+              <domain:registrant>#{contacts(:john).code}</domain:registrant>
+            </domain:create>
+          </create>
+          <extension>
+            <eis:extdata xmlns:eis="#{Xsd::Schema.filename(for_prefix: 'eis', for_version: '1.0')}">
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+              <eis:reserved>
+                <eis:pw>#{password}</eis:pw>
+              </eis:reserved>
+            </eis:extdata>
+          </extension>
+        </command>
+      </epp>
+    XML
+
+    post epp_create_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    post epp_create_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :session_limit_exceeded_server_closing_connection
+    assert_correct_against_schema response_xml
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
 end

test/integration/epp/domain/info/base_test.rb

@@ -234,6 +234,7 @@ class EppDomainInfoBaseTest < EppTestCase
          headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
 
     response_xml = Nokogiri::XML(response.body)
+    # binding.pry
     assert_epp_response :session_limit_exceeded_server_closing_connection
     assert_correct_against_schema response_xml
     assert response.body.include?(Shunter.default_error_message)

test/integration/epp/domain/update/base_test.rb

@@ -10,6 +10,9 @@ class EppDomainUpdateBaseTest < EppTestCase
     @original_registrant_change_verification =
     Setting.request_confirmation_on_registrant_change_enabled
     ActionMailer::Base.deliveries.clear
+
+    adapter = ENV["shunter_default_adapter"].constantize.new
+    adapter&.clear!
   end
 
   teardown do
@@ -882,6 +885,88 @@ class EppDomainUpdateBaseTest < EppTestCase
     assert_epp_response :object_does_not_exist
   end
 
+  def test_returns_valid_response_if_not_throttled
+    ENV['obj_and_extensions_prohibited'] = 'true'
+    @domain = domains(:shop)
+    @domain.statuses << DomainStatus::SERVER_EXTENSION_UPDATE_PROHIBITED
+    @domain.save
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <update>
+            <domain:update xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>shop.test</domain:name>
+              <domain:rem>
+              <domain:ns>
+                <domain:hostAttr>
+                  <domain:hostName>#{nameservers(:shop_ns1).hostname}</domain:hostName>
+                </domain:hostAttr>
+                <domain:hostAttr>
+                  <domain:hostName>#{nameservers(:shop_ns2).hostname}</domain:hostName>
+                </domain:hostAttr>
+              </domain:ns>
+            </domain:rem>
+            </domain:update>
+          </update>
+        </command>
+      </epp>
+    XML
+
+    post epp_update_path, params: { frame: request_xml },
+                          headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :completed_successfully
+    assert_correct_against_schema response_xml
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV["shunter_default_threshold"] = '1'
+    ENV["shunter_enabled"] = 'true'
+    ENV['obj_and_extensions_prohibited'] = 'true'
+    @domain = domains(:shop)
+    @domain.statuses << DomainStatus::SERVER_EXTENSION_UPDATE_PROHIBITED
+    @domain.save
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <update>
+            <domain:update xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>shop.test</domain:name>
+              <domain:rem>
+              <domain:ns>
+                <domain:hostAttr>
+                  <domain:hostName>#{nameservers(:shop_ns1).hostname}</domain:hostName>
+                </domain:hostAttr>
+                <domain:hostAttr>
+                  <domain:hostName>#{nameservers(:shop_ns2).hostname}</domain:hostName>
+                </domain:hostAttr>
+              </domain:ns>
+            </domain:rem>
+            </domain:update>
+          </update>
+        </command>
+      </epp>
+    XML
+
+    post epp_update_path, params: { frame: request_xml },
+                          headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    post epp_update_path, params: { frame: request_xml },
+                          headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :session_limit_exceeded_server_closing_connection
+    assert_correct_against_schema response_xml
+    assert response.body.include?(Shunter.default_error_message)
+    ENV["shunter_default_threshold"] = '10000'
+    ENV["shunter_enabled"] = 'false'
+  end
+
   private
 
   def assert_verification_and_notification_emails