pytest-clerk 4.0.1__tar.gz → 4.0.3__tar.gz

{pytest_clerk-4.0.1 → pytest_clerk-4.0.3}/PKG-INFO

@@ -1,26 +1,19 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: pytest-clerk
-Version: 4.0.1
+Version: 4.0.3
 Summary: A set of pytest fixtures to help with integration testing with Clerk.
-Home-page: https://gitlab.com/munipal-oss/pytest-clerk
 License: MIT
 Author: Ryan Causey
 Author-email: ryan.causey@munipal.io
 Requires-Python: >=3.10,<4.0
 Classifier: Framework :: Pytest
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Python :: 3.13
 Provides-Extra: aws
-Requires-Dist: httpx (>=0.28.0,<0.29.0)
+Requires-Dist: httpx (>=0.28.0,<1.0.0)
+Requires-Dist: limits (>=4.0.1,<5.0.0)
 Requires-Dist: pytest (>=8.0.0,<9.0.0)
-Requires-Dist: pytest-aws-fixtures (>=3.0.0,<4.0.0) ; extra == "aws"
+Requires-Dist: pytest-aws-fixtures (>=3.0.0,<4.0) ; extra == "aws"
 Requires-Dist: python-decouple (>=3.0,<4.0)
 Requires-Dist: tenacity (>=9.0.0,<10.0.0)
-Project-URL: Repository, https://gitlab.com/munipal-oss/pytest-clerk
 Description-Content-Type: text/markdown
 
 # Pytest Clerk

{pytest_clerk-4.0.1 → pytest_clerk-4.0.3}/pyproject.toml

@@ -1,22 +1,30 @@
-[tool.poetry]
+[project]
 name = "pytest-clerk"
-version = "4.0.1"
+version = "4.0.3"
 description = "A set of pytest fixtures to help with integration testing with Clerk."
-authors = ["Ryan Causey <ryan.causey@munipal.io>"]
 license = "MIT"
 readme = "README.md"
 repository = "https://gitlab.com/munipal-oss/pytest-clerk"
 homepage = "https://gitlab.com/munipal-oss/pytest-clerk"
 packages = [{include = "pytest_clerk"}]
 classifiers = ["Framework :: Pytest"]
+requires-python = ">=3.10,<4.0"
+dependencies = [
+    "pytest >=8.0.0,<9.0.0",
+    "python-decouple >=3.0,<4.0",
+    "tenacity >=9.0.0,<10.0.0",
+    "httpx >=0.28.0,<1.0.0",
+    "limits (>=4.0.1,<5.0.0)",
+]
 
-[tool.poetry.dependencies]
-python = "^3.10"
-pytest = "^8.0.0"
-python-decouple = "^3.0"
-tenacity = "^9.0.0"
-httpx = "^0.28.0"
-pytest-aws-fixtures = {version = "^3.0.0", optional = true}
+[project.optional-dependencies]
+aws = [
+    "pytest-aws-fixtures >=3.0.0,<4.0",
+]
+
+[[project.authors]]
+name = "Ryan Causey"
+email = "ryan.causey@munipal.io"
 
 [tool.poetry.group.dev.dependencies]
 prospector = "^1.10.2"
@@ -24,10 +32,7 @@ black = "^24.0.0"
 isort = "^5.12.0"
 pre-commit = "^4.0.0"
 
-[tool.poetry.extras]
-aws = ["pytest-aws-fixtures"]
-
-[tool.poetry.plugins."pytest11"]
+[project.entry-points."pytest11"]
 pytest_clerk = "pytest_clerk.clerk"
 
 [build-system]

{pytest_clerk-4.0.1 → pytest_clerk-4.0.3}/pytest_clerk/clerk.py

@@ -1,8 +1,12 @@
+import logging
+import re
 from contextlib import suppress
+from time import sleep
 
 import httpx
 import pytest
 from decouple import UndefinedValueError, config
+from limits import RateLimitItemPerSecond, storage, strategies
 from tenacity import retry, retry_if_exception, wait_random_exponential
 
 retryable_status_codes = (
@@ -13,6 +17,165 @@ retryable_status_codes = (
     httpx.codes.GATEWAY_TIMEOUT,
 )
 
+logger = logging.getLogger(__name__)
+
+
+class ClerkRateLimiter:
+    """This class manages all of the rate limits for the various API endpoints of Clerk
+    for both the front end and back end APIs.
+    """
+
+    def __init__(self):
+        """Initialize all of the rate limits."""
+        # Use an instance of an object to specify the "no limits" default. This is so
+        # that we don't pass any `is None` checks when the default is specified as no
+        # limits.
+        self.no_limit = object()
+        self.backend_rate_limits = {
+            # 19 requests per 10 seconds.
+            "POST": {r"/v1/users": RateLimitItemPerSecond(amount=19, multiples=10)},
+            # No rate limits.
+            "GET": {r"/v1/jwks": self.no_limit},
+            # 99 requests per 10 seconds.
+            "DEFAULT": RateLimitItemPerSecond(amount=99, multiples=10),
+        }
+        self.frontend_rate_limits = {
+            "POST": {
+                # 2 requests per 10 seconds.
+                r"/v1/client/sign_ins/(?P<sign_in_id>.*?)/attempt_first_factor": RateLimitItemPerSecond(
+                    amount=2, multiples=10
+                ),
+                # 2 requests per 10 seconds.
+                r"/v1/client/sign_ins/(?P<sign_in_id>.*?)/attempt_second_factor": RateLimitItemPerSecond(
+                    amount=2, multiples=10
+                ),
+                # 2 requests per 10 seconds.
+                r"/v1/client/sign_ups/(?P<sign_up_id>.*?)/attempt_verification": RateLimitItemPerSecond(
+                    amount=2, multiples=10
+                ),
+                # 4 requests per 10 seconds.
+                r"/v1/client/sign_ins": RateLimitItemPerSecond(amount=4, multiples=10),
+                # 4 requests per 10 seconds.
+                r"/v1/client/sign_ups": RateLimitItemPerSecond(amount=4, multiples=10),
+            }
+        }
+        self.storage = storage.MemoryStorage()
+        self.strategy = strategies.FixedWindowRateLimiter(self.storage)
+
+    def get_rate_limit_item(self, request, rate_limits):
+        """Return the found rate limit item and namespace to use when checking the rate
+        limit for this request.
+
+        The returned namespace should be used as the unique identifier in order to group
+        the various rate limit checks.
+
+        If there is no rate limit specified, the rate limit item will be `None`. If
+        there is a rate limit specified, but it is unlimited, the rate limit item will
+        be `self.no_limit`.
+        """
+        path = request.url.path
+        method = request.method
+        host = request.url.host
+
+        logger.debug(
+            "Searching for rate limit for method %s, host %s, and path %s.",
+            method,
+            host,
+            path,
+        )
+
+        rate_limit_item = None
+        namespace = None
+
+        # Check all the configured rate limits for the method.
+        method_limits = rate_limits.get(method, {})
+        for path_regex, rate_limit in method_limits.items():
+            logger.debug(
+                "Checking if regex %s and rate limit %s matches for method %s, host %s,"
+                " and path %s.",
+                path_regex,
+                rate_limit,
+                method,
+                host,
+                path,
+            )
+
+            if re.match(path_regex, path):
+                rate_limit_item = rate_limit
+                namespace = f"{host}:{path}:{method}"
+                break
+
+        # If we didn't get a limit for the method + path, try the default for that
+        # method.
+        if rate_limit_item is None:
+            logger.debug(
+                "No rate limit found for method %s, host %s, and path %s. Trying"
+                " default rate limit for method %s and host %s.",
+                method,
+                host,
+                path,
+                method,
+                host,
+            )
+            rate_limit_item = method_limits.get("DEFAULT")
+            namespace = f"{host}:{method}"
+
+        # If there was no default limit for the method, try the overall default.
+        if rate_limit_item is None:
+            logger.debug(
+                "No rate limit found for method %s and host %s. Trying global default.",
+                method,
+                host,
+            )
+            rate_limit_item = rate_limits.get("DEFAULT")
+            namespace = host
+
+        logger.debug(
+            "Found rate limit %s with namespace %s for method %s, host %s, and path"
+            " %s.",
+            rate_limit_item,
+            namespace,
+            method,
+            host,
+            path,
+        )
+        return rate_limit_item, namespace
+
+    def rate_limit_hook(self, request):
+        """Check the requeste URL and hit the appropriate rate limit."""
+        # Get the rate limit for the request.
+        if request.url.host == "api.clerk.com":
+            logger.debug("Checking back end rate limits for request %s.", request)
+            rate_limit_item, namespace = self.get_rate_limit_item(
+                request=request, rate_limits=self.backend_rate_limits
+            )
+        else:
+            logger.debug("Checking front end rate limits for request %s.", request)
+            rate_limit_item, namespace = self.get_rate_limit_item(
+                request=request, rate_limits=self.frontend_rate_limits
+            )
+
+        # If the rate limit was specified as unlimited, do nothing.
+        if rate_limit_item is self.no_limit:
+            logger.debug("The rate limit is unlimited for request %s.", request)
+            return
+
+        # If there is no rate limit, do nothing.
+        if rate_limit_item is None:
+            logger.debug("There was no rate limit found for request %s.", request)
+            return
+
+        logger.debug("The rate limit is %s for request %s.", rate_limit_item, request)
+
+        # Check if we hit the rate limit.
+        while not self.strategy.hit(rate_limit_item, namespace):
+            logger.info(
+                "Hit rate limit for namespace %s while making request %s.",
+                namespace,
+                request,
+            )
+            sleep(1)
+
 
 def retry_predicate(exception):
     """Return whether to retry. This depends on getting an exception with a response
@@ -24,6 +187,12 @@ def retry_predicate(exception):
     )
 
 
+@pytest.fixture(scope="session")
+def clerk_rate_limiter():
+    """Return an instance of the Clerk rate limiter for use with HTTPX request hooks."""
+    return ClerkRateLimiter()
+
+
 @pytest.fixture(scope="session")
 def clerk_secret_key(request):
     """Retrieve the clerk secret key to use for the test.
@@ -54,7 +223,7 @@ def clerk_secret_key(request):
 
 
 @pytest.fixture(scope="session")
-def clerk_backend_httpx_client(clerk_secret_key):
+def clerk_backend_httpx_client(clerk_secret_key, clerk_rate_limiter):
     """A fixture that creates a HTTPX Client instance with the required backend Clerk
     Authorization headers set and the correct Clerk backend API base URL.
 
@@ -64,6 +233,7 @@ def clerk_backend_httpx_client(clerk_secret_key):
     client = httpx.Client(
         headers={"Authorization": f"Bearer {clerk_secret_key}"},
         base_url="https://api.clerk.com/v1",
+        event_hooks={"request": [clerk_rate_limiter.rate_limit_hook]},
     )
 
     yield client
@@ -89,7 +259,7 @@ def clerk_frontend_api_url():
 
 
 @pytest.fixture(scope="session")
-def clerk_frontend_httpx_client(clerk_frontend_api_url):
+def clerk_frontend_httpx_client(clerk_frontend_api_url, clerk_rate_limiter):
     """This fixture returns a function that creates an HTTPX Client instance with the
     required frontend Clerk Authorization parameters set and the correct Clerk frontend
     API base URL.
@@ -106,6 +276,7 @@ def clerk_frontend_httpx_client(clerk_frontend_api_url):
     client = httpx.Client(
         params={"__dev_session": result.json()["token"]},
         base_url=f"{clerk_frontend_api_url}/v1",
+        event_hooks={"request": [clerk_rate_limiter.rate_limit_hook]},
     )
 
     yield client