diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
index d3fe76efcb..6424b8280c 100644
--- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
+++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -104,7 +104,7 @@ public class ApiRateLimitFilter extends OncePerRequestFilter {
 @Value("${org.orcid.papi.rate.limit.referrer.whiteSpaceSeparatedWhiteList}")
 private String papiReferrerWhiteSpaceSeparatedWhiteList;
- @Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList}")
+ @Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList:10.0.0.0/8}")
 private String papiCidrRangeWhiteSpaceSeparatedWhiteList;
 private List papiIpWhiteList;
diff --git a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
index 427a4dcaa2..25d1849dba 100644
--- a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
+++ b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
@@ -8,8 +8,6 @@ import org.mockito.MockitoAnnotations;
 import org.orcid.core.api.rate_limit.PapiRateLimitRedisClient;
 import org.orcid.core.oauth.service.OrcidTokenStore;
-import org.orcid.persistence.dao.PublicApiDailyRateLimitDao;
-import org.orcid.persistence.jpa.entities.PublicApiDailyRateLimitEntity;
 import org.orcid.test.OrcidJUnit4ClassRunner;
 import org.orcid.test.TargetProxyHelper;
 import org.springframework.mock.web.MockHttpServletRequest;
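Review bot: In ApiRateLimitFilter.java the new default `10.0.0.0/8` on `papiCidrRangeWhiteSpaceSeparatedWhiteList` makes the rate-limit exemption fail open: a deployment that omits the property now silently exempts the whole private /8 instead of failing at startup or exempting nothing. The tests added in this commit feed the client address through the `X-REAL-IP` header, so the exemption is presumably only as trustworthy as the proxy that sets that header; the code that reads it is outside this hunk, so confirm that a client-sent value is always overwritten at the edge. I would default to an empty list, `@Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList:}")`, provided the CIDR parsing tolerates an empty string, and add a comment above the field such as `// Ranges listed here bypass the anonymous daily quota; list only addresses that reach us through the trusted proxy.`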
@@ -219,4 +217,40 @@ public void doFilterInternal_checkLimitReachedTest() throws ServletException, IO
 "Too Many Requests. You have exceeded the daily quota for anonymous usage of this API. \nYou can increase your daily quota by registering for and using Public API client credentials (https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/)", content);
 }
-}
\ No newline at end of file
+
+ @Test
+ public void doFilterInternal_annonymousRequest_whitelisted_cidr_IP_Test() throws ServletException, IOException {
+ MockitoAnnotations.initMocks(this);
+ String ip_in_cidr = "10.0.0.0";
+
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRedisClient", papiRateLimitRedisMock);
+
+ when(papiRateLimitRedisMock.getTodayDailyLimitsForClient(eq(ip_in_cidr))).thenReturn(null);
+ httpServletRequestMock.addHeader("X-REAL-IP", ip_in_cidr);
+
+ apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+ verify(orcidTokenStoreMock, never()).readClientId(anyString());
+ verify(papiRateLimitRedisMock, never()).setTodayLimitsForClient(eq(ip_in_cidr), any());
+ }
+
+ @Test
+ public void doFilterInternal_annonymousRequest_not_whitelisted_cidr_IP_Test() throws ServletException, IOException {
+ MockitoAnnotations.initMocks(this);
+ String ip_not_cidr = "20.0.0.0";
+
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRedisClient", papiRateLimitRedisMock);
+
+ when(papiRateLimitRedisMock.getTodayDailyLimitsForClient(eq(ip_not_cidr))).thenReturn(null);
+ httpServletRequestMock.addHeader("X-REAL-IP", ip_not_cidr);
+
+ apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+ verify(orcidTokenStoreMock, never()).readClientId(anyString());
+ verify(papiRateLimitRedisMock, times(1)).setTodayLimitsForClient(eq(ip_not_cidr), any(JSONObject.class));
+ }
+}
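Review bot: Both new tests rely on the filter's built-in `10.0.0.0/8` default rather than setting the allowlist themselves, and they probe only the network address `10.0.0.0` and a distant `20.0.0.0`, so an off-by-one in the CIDR match would go unnoticed. Add boundary cases on either side of the range, e.g. `String ip_in_cidr = "10.255.255.255";` for the exempt test and `String ip_not_cidr = "11.0.0.0";` for the limited one. The exempt test also asserts only what was not called; a positive check that the request was passed on (for instance that the response status is still 200, if `httpServletResponseMock` is a `MockHttpServletResponse`) would show that the allowlist lets traffic through rather than dropping it. A case with a malformed or empty `X-REAL-IP` value would pin the behaviour for input the CIDR matcher cannot parse.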