Add playwright rate limiter test

Arize-ai · Sep 20, 2024 · dd1e9be · dd1e9be
1 parent b3ae7a4
commit dd1e9be
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 2 deletions.
diff --git a/app/playwright.config.ts b/app/playwright.config.ts
@@ -46,6 +46,12 @@ export default defineConfig({
       name: "webkit",
       use: { ...devices["Desktop Safari"] },
     },
+    {
+      name: "rate limit",
+      use: { ...devices["Desktop Chrome"] },
+      dependencies: ["chromium", "firefox", "webkit"],
+      testMatch: "**/*.rate-limit.spec.ts",
+    },
     /* Test against mobile viewports. */
     // {
     //   name: 'Mobile Chrome',

diff --git a/app/src/pages/auth/LoginForm.tsx b/app/src/pages/auth/LoginForm.tsx
@@ -39,7 +39,10 @@ export function LoginForm(props: LoginFormProps) {
           body: JSON.stringify(params),
         });
         if (!response.ok) {
-          setError("Invalid login");
+          const errorMessage = response.status === 429 
+            ? "Too many requests. Please try again later." 
+            : "Invalid login";
+          setError(errorMessage);
           return;
         }
       } catch (error) {

diff --git a/app/tests/login.rate-limit.spec.ts b/app/tests/login.rate-limit.spec.ts
@@ -0,0 +1,17 @@
+import { expect, test } from "@playwright/test";
+
+test("that login gets rate limited after too many attempts", async ({ page }) => {
+  await page.goto("/login");
+  await page.waitForURL("**/login");
+
+  const email = `[email protected]`;
+  // Add the user
+  await page.getByLabel("Email").fill(email);
+  await page.getByLabel("Password *", { exact: true }).fill("not-a-password");
+
+  const numberOfAttempts = 10;
+  for (let i = 0; i < numberOfAttempts; i++) {
+    await page.getByRole("button", { name: "Login" }).click();
+  }
+  await expect(page.getByText("Too many requests. Please try again later.")).toBeVisible();
+});
diff --git a/src/phoenix/server/api/routers/auth.py b/src/phoenix/server/api/routers/auth.py
@@ -48,7 +48,7 @@
 
 rate_limiter = ServerRateLimiter(
     per_second_rate_limit=0.2,
-    enforcement_window_seconds=30,
+    enforcement_window_seconds=60,
     partition_seconds=60,
     active_partitions=2,
 )