On Sat, Jun 18, 2022 at 11:06:02AM +0900, Dong Wook Lee wrote: > I have written a test for the auth_delay extension before, > but if it is okay, can you review it?
+# check enter wrong password +my $t0 = [gettimeofday]; +test_login($node, 'user_role', "wrongpass", 2); +my $elapsed = tv_interval($t0, [gettimeofday]); +ok($elapsed >= $delay_milliseconds / 1000, "auth_delay $elapsed seconds"); + +# check enter correct password +my $t0 = [gettimeofday]; +test_login($node, 'user_role', "pass", 0); +my $elapsed = tv_interval($t0, [gettimeofday]); +ok($elapsed < $delay_milliseconds / 1000, "auth_delay $elapsed seconds"); On a slow machine, I suspect that the second test is going to be unstable as it would fail if the login attempt (that succeeds) takes more than $delay_milliseconds. You could increase more delay_milliseconds to leverage that, but it would make the first test slower for nothing on faster machines in the case where the authentication attempt has failed. I guess that you could leverage that by using a large value for delay_milliseconds in the second test, because we are never going to wait. For the first test, you could on the contrary use a much lower value, still on slow machines it may not test what the code path of auth_delay you are willing to test. As a whole, I am not sure that this is really worth spending cycles on when running check-world or similar, and the code of the extension is trivial. -- Michael
signature.asc
Description: PGP signature
