On Sat, Jun 18, 2022 at 11:06:02AM +0900, Dong Wook Lee wrote:
> I have written a test for the auth_delay extension before,
> but if it is okay, can you review it?
+# check enter wrong password
+my $t0 = [gettimeofday];
+test_login($node, 'user_role', "wrongpass", 2);
+my $elapsed = tv_interval($t0, [gettimeofday]);
+ok($elapsed >= $delay_milliseconds / 1000, "auth_delay $elapsed seconds");
+
+# check enter correct password
+my $t0 = [gettimeofday];
+test_login($node, 'user_role', "pass", 0);
+my $elapsed = tv_interval($t0, [gettimeofday]);
+ok($elapsed < $delay_milliseconds / 1000, "auth_delay $elapsed seconds");
On a slow machine, I suspect that the second test is going to be
unstable as it would fail if the login attempt (that succeeds) takes
more than $delay_milliseconds. You could increase more
delay_milliseconds to leverage that, but it would make the first test
slower for nothing on faster machines in the case where the
authentication attempt has failed. I guess that you could leverage
that by using a large value for delay_milliseconds in the second test,
because we are never going to wait. For the first test, you could on
the contrary use a much lower value, still on slow machines it may not
test what the code path of auth_delay you are willing to test.
As a whole, I am not sure that this is really worth spending cycles on
when running check-world or similar, and the code of the extension is
trivial.
--
Michael
