Added unit test

ORCID · Feb 10, 2025 · 3ddb35f · 3ddb35f
1 parent 2ab4174
commit 3ddb35f
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 1 deletion.
diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -104,7 +104,7 @@ public class ApiRateLimitFilter extends OncePerRequestFilter {
     @Value("${org.orcid.papi.rate.limit.referrer.whiteSpaceSeparatedWhiteList}")
     private String papiReferrerWhiteSpaceSeparatedWhiteList;
 
-    @Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList}")
+    @Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList:10.0.0.0/8}")
     private String papiCidrRangeWhiteSpaceSeparatedWhiteList;
 
     private List<String> papiIpWhiteList;

diff --git a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
@@ -219,4 +219,40 @@ public void doFilterInternal_checkLimitReachedTest() throws ServletException, IO
                 "Too Many Requests. You have exceeded the daily quota for anonymous usage of this API. \nYou can increase your daily quota by registering for and using Public API client credentials (https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/)",
                 content);
     }
+
+    @Test
+    public void doFilterInternal_annonymousRequest_whitelisted_cidr_IP_Test() throws ServletException, IOException {
+        MockitoAnnotations.initMocks(this);
+        String ip_in_cidr = "10.0.0.0";
+
+        TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+        TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+        TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRedisClient", papiRateLimitRedisMock);
+
+        when(papiRateLimitRedisMock.getTodayDailyLimitsForClient(eq(ip_in_cidr))).thenReturn(null);
+        httpServletRequestMock.addHeader("X-REAL-IP", ip_in_cidr);
+
+        apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+        verify(orcidTokenStoreMock, never()).readClientId(anyString());
+        verify(papiRateLimitRedisMock, never()).setTodayLimitsForClient(eq(ip_in_cidr), any());
+    }
+
+    @Test
+    public void doFilterInternal_annonymousRequest_not_whitelisted_cidr_IP_Test() throws ServletException, IOException {
+        MockitoAnnotations.initMocks(this);
+        String ip_not_cidr = "20.0.0.0";
+
+        TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+        TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+        TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRedisClient", papiRateLimitRedisMock);
+
+        when(papiRateLimitRedisMock.getTodayDailyLimitsForClient(eq(ip_not_cidr))).thenReturn(null);
+        httpServletRequestMock.addHeader("X-REAL-IP", ip_not_cidr);
+
+        apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+        verify(orcidTokenStoreMock, never()).readClientId(anyString());
+        verify(papiRateLimitRedisMock, times(1)).setTodayLimitsForClient(eq(ip_not_cidr), any(JSONObject.class));
+    }
 }