diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
index 6ef9c8f269..7a72f9301e 100644
--- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
+++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -103,9 +103,9 @@ public class ApiRateLimitFilter extends OncePerRequestFilter {
 private List papiIpWhiteList;
 private List papiClientIdWhiteList;
- private static final String TOO_MANY_REQUESTS_MSG = "Too Many Requests - You have exceeded the daily allowance of API calls.\\n"
+ private static final String TOO_MANY_REQUESTS_MSG = "Too Many Requests. You have exceeded the daily quota for anonymous usage of this API. \\n"
 + "You can increase your daily quota by registering for and using Public API client credentials "
- + "(https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/ )";
+ + "(https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/)";
 private static final String SUBJECT = "[ORCID-API] WARNING! You have exceeded the daily Public API Usage Limit - ";
@@ -211,7 +211,6 @@ private void rateLimitClientRequest(String clientId, LocalDate today) {
 // update the request count
 rateLimitEntity.setRequestCount(rateLimitEntity.getRequestCount() + 1);
 papiRateLimitingDao.updatePublicApiDailyRateLimit(rateLimitEntity, true);
-
 } else {
 // create
 rateLimitEntity = new PublicApiDailyRateLimitEntity();
diff --git a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
index a43a0c9dd9..cc4fa6684a 100644
--- a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
+++ b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
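Review bot: In `ApiRateLimitFilter.java`, the reworded `TOO_MANY_REQUESTS_MSG` still ends its first segment with `\\n`, now with a stray space in front of it. If the doubled backslash is what the source file holds rather than an artifact of how this page escapes the diff, the 429 body will carry a literal backslash followed by `n` instead of a line break, and the new test pins the same text so it would not notice; the segment would then end `... anonymous usage of this API.\n"`. The message now names anonymous usage specifically, while the second hunk shows the same filter also counting requests per client id in `rateLimitClientRequest`, so it is worth confirming that the constant is only returned on the anonymous path, which is not visible here. A one-line comment above the constant stating which response it is the body of would record that.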
@@ -16,6 +16,8 @@ import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import java.io.IOException;
+
+import static org.junit.Assert.assertEquals;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.*;
@@ -179,4 +181,28 @@ public void doFilterInternal_clientRequest_existingEntryTest() throws ServletExc
 verify(papiRateLimitingDaoMock, times(1)).updatePublicApiDailyRateLimit(any(PublicApiDailyRateLimitEntity.class), eq(true));
 verify(papiRateLimitingDaoMock, never()).persist(any(PublicApiDailyRateLimitEntity.class));
 }
+
+ @Test
+ public void doFilterInternal_checkLimitReachedTest() throws ServletException, IOException {
+ MockitoAnnotations.initMocks(this);
+ String ip = "127.0.0.2";
+
+ PublicApiDailyRateLimitEntity e = new PublicApiDailyRateLimitEntity();
+ e.setId(1000L);
+ e.setIpAddress(ip);
+ e.setRequestCount(10001L);
+
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRateLimitingDao", papiRateLimitingDaoMock);
+
+ when(papiRateLimitingDaoMock.findByIpAddressAndRequestDate(eq(ip), any())).thenReturn(e);
+ httpServletRequestMock.addHeader("X-REAL-IP", ip);
+
+ apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+ assertEquals(429, httpServletResponseMock.getStatus());
+ String content = httpServletResponseMock.getContentAsString();
+ assertEquals("Too Many Requests. You have exceeded the daily quota for anonymous usage of this API. \\nYou can increase your daily quota by registering for and using Public API client credentials (https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/)", content);
+ }
 }
\ No newline at end of file
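Review bot: `doFilterInternal_checkLimitReachedTest` checks the 429 status and body but never asserts that the request was actually stopped, so a filter that writes the error and still invokes the chain would pass. Adding `verify(filterChainMock, never()).doFilter(any(), any());` after the `doFilterInternal` call would pin that, assuming the filter is meant to short-circuit once the quota is exceeded. The count `10001L` only exercises a value above the limit; the limit itself is not visible in this hunk, so a second case at exactly the configured quota would document whether the comparison is inclusive. The test also shows the anonymous quota being keyed on the `X-REAL-IP` request header, which is a sound key only when the fronting proxy overwrites that header on every request; that deployment assumption deserves a comment in the filter, whose header-reading code is outside this diff.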