Commit

fix: changelog and test
sattvikc committed Mar 20, 2024
1 parent 8199b41 commit 2d80800
Showing 2 changed files with 27 additions and 4 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [9.0.1] - 2024-03-20

- Fixes verify TOTP and verify device APIs to treat any code as invalid
- Fixes the computation of the number of failed attempts when return `INVALID_TOTP_ERROR`

## [9.0.0] - 2024-03-13

### Added
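Review bot: The first new bullet under 9.0.1, "Fixes verify TOTP and verify device APIs to treat any code as invalid", reads as though every submitted code is now rejected; name the kind of input the fix applies to so that readers of the changelog can tell whether they are affected. In the second bullet, "when return `INVALID_TOTP_ERROR`" should read "when returning `INVALID_TOTP_ERROR`", and it would help to say in which direction the failed-attempt count was wrong, since that number is what callers see in the error.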
26 changes: 22 additions & 4 deletions src/test/java/io/supertokens/test/totp/TOTPRecipeTest.java
Expand Up @@ -348,15 +348,33 @@ public void rateLimitCooldownTest() throws Exception {
// Wait for 1 second (Should cool down rate limiting):
Thread.sleep(1000);
// But again try with invalid code:
assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
InvalidTotpException invalidTotpException = assertThrows(InvalidTotpException.class,
() -> Totp.verifyCode(main, "user", "invalid0"));
assertEquals(1, invalidTotpException.currentAttempts);
invalidTotpException = assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
assertEquals(2, invalidTotpException.currentAttempts);
invalidTotpException = assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
assertEquals(3, invalidTotpException.currentAttempts);

// This triggered rate limiting again. So even valid codes will fail for
// another cooldown period:
assertThrows(LimitReachedException.class,
LimitReachedException limitReachedException = assertThrows(LimitReachedException.class,
() -> Totp.verifyCode(main, "user", generateTotpCode(main, device)));
assertEquals(3, limitReachedException.currentAttempts);
// Wait for 1 second (Should cool down rate limiting):
Thread.sleep(1000);

// test that after cool down, we can retry invalid codes N times again
invalidTotpException = assertThrows(InvalidTotpException.class,
() -> Totp.verifyCode(main, "user", "invalid0"));
assertEquals(1, invalidTotpException.currentAttempts);
invalidTotpException = assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
assertEquals(2, invalidTotpException.currentAttempts);
invalidTotpException = assertThrows(InvalidTotpException.class, () -> Totp.verifyCode(main, "user", "invalid0"));
assertEquals(3, invalidTotpException.currentAttempts);

Thread.sleep(1100);

// Now try with valid code:
Totp.verifyCode(main, "user", generateTotpCode(main, device));
// Now invalid code shouldn't trigger rate limiting. Unless you do it N times:
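Review bot: The added `Thread.sleep(1100);` near the end of the hunk has no comment and uses a different duration from the two `Thread.sleep(1000)` cooldown waits above it; say why the extra 100 ms is needed, or give all three waits the same margin so the test does not rely on timing slack in one place only. The new block of three invalid attempts after the cooldown also stops at `currentAttempts` 3 without asserting that the next call throws `LimitReachedException`, as the earlier block does, so the second lockout is assumed rather than checked before the valid code is tried.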