Merge pull request hedyorg#410 from Felienne/stress-testing-script

Modify e2e test suite to be able to run concurrent/stress tests
TiBiBa · May 20, 2021 · e374a88 · e374a88
2 parents 6e929ae + d1fd0f1
commit e374a88
Show file tree

Hide file tree

Showing 5 changed files with 150 additions and 80 deletions.
diff --git a/CONFIGURATION.md b/CONFIGURATION.md
@@ -50,6 +50,12 @@ App secret (for cookies):
 SECRET_KEY
 ```
 
+To determine if this is the production environment (to avoid requests from e2e tests being considered as such, to avoid any sort of security loopholes):
+
+```
+IS_PRODUCTION
+```
+
 ## Heroku Metadata
 
 This app depends on some environment variables that require Heroku dyno metadata.

diff --git a/app.py b/app.py
@@ -175,6 +175,12 @@ def redirect_ab (request, session):
     redirect_flag = (hash_user_or_session (user_identifier) % 100) < redirect_proportion
     return redirect_flag
 
+if os.getenv('IS_PRODUCTION'):
+    @app.before_request
+    def reject_e2e_requests():
+        if utils.is_testing_request (request):
+            return 'No E2E tests are allowed in production', 400
+
 # If present, PROXY_TO_TEST_ENV should be the name of the target environment
 if os.getenv ('PROXY_TO_TEST_ENV') and not os.getenv ('IS_TEST_ENV'):
     @app.before_request

diff --git a/auth.py b/auth.py
@@ -4,7 +4,7 @@
 import urllib
 from flask import request, make_response, jsonify, redirect
 from flask_helpers import render_template
-from utils import type_check, object_check, timems, times, db_get, db_set, db_del, db_del_many, db_scan, db_describe, db_get_many, extract_bcrypt_rounds
+from utils import type_check, object_check, timems, times, db_get, db_set, db_del, db_del_many, db_scan, db_describe, db_get_many, extract_bcrypt_rounds, is_testing_request
 import datetime
 from functools import wraps
 from config import config
@@ -165,7 +165,7 @@ def signup ():
         username = body ['username'].strip ().lower ()
         email = body ['email'].strip ().lower ()
 
-        if env and 'subscribe' in body and body ['subscribe'] == True:
+        if not is_testing_request (request) and 'subscribe' in body and body ['subscribe'] == True:
             # If we have a Mailchimp API key, we use it to add the subscriber through the API
             if os.getenv ('MAILCHIMP_API_KEY') and os.getenv ('MAILCHIMP_AUDIENCE_ID'):
                 # The first domain in the path is the server name, which is contained in the Mailchimp API key
@@ -209,8 +209,8 @@ def signup ():
         cookie = make_salt ()
         db_set ('tokens', {'id': cookie, 'username': user ['username'], 'ttl': times () + session_length})
 
-        # If on local environment, we return email verification token directly instead of emailing it, for test purposes.
-        if not env:
+        # If this is an e2e test, we return the email verification token directly instead of emailing it.
+        if is_testing_request (request):
             resp = make_response ({'username': username, 'token': hashed_token})
         # Otherwise, we send an email with a verification link and we return an empty body
         else:
@@ -283,7 +283,7 @@ def change_password (user):
         hashed = hash (body ['new_password'], make_salt ())
 
         db_set ('users', {'username': user ['username'], 'password': hashed})
-        if env:
+        if not is_testing_request (request):
             send_email_template ('change_password', user ['email'], requested_lang (), None)
 
         return '', 200
@@ -320,8 +320,8 @@ def update_profile (user):
                 token = make_salt ()
                 hashed_token = hash (token, make_salt ())
                 db_set ('users', {'username': user ['username'], 'email': email, 'verification_pending': hashed_token})
-                if not env:
-                   # If on local environment, we return email verification token directly instead of emailing it, for test purposes.
+                # If this is an e2e test, we return the email verification token directly instead of emailing it.
+                if is_testing_request (request):
                    resp = {'username': user ['username'], 'token': hashed_token}
                 else:
                     send_email_template ('welcome_verify', email, requested_lang (), os.getenv ('BASE_URL') + '/auth/verify?username=' + urllib.parse.quote_plus (user['username']) + '&token=' + urllib.parse.quote_plus (hashed_token))
@@ -374,8 +374,8 @@ def recover ():
 
         db_set ('tokens', {'id': user ['username'], 'token': hashed, 'ttl': times () + session_length})
 
-        if not env:
-            # If on local environment, we return email verification token directly instead of emailing it, for test purposes.
+        if is_testing_request (request):
+            # If this is an e2e test, we return the email verification token directly instead of emailing it.
             return jsonify ({'username': user ['username'], 'token': token}), 200
         else:
             send_email_template ('recover_password', user ['email'], requested_lang (), os.getenv ('BASE_URL') + '/reset?username=' + urllib.parse.quote_plus (user ['username']) + '&token=' + urllib.parse.quote_plus (token))
@@ -409,7 +409,7 @@ def reset ():
         db_set ('users', {'username': body ['username'], 'password': hashed})
         user = db_get ('users', {'username': body ['username']})
 
-        if env:
+        if not is_testing_request (request):
             send_email_template ('reset_password', user ['email'], requested_lang (), None)
 
         return '', 200