Reset throttling to properly test api rate limits

Signed-off-by: Keshav Priyadarshi <[email protected]>

Author: keshav-space

vulnerabilities/tests/test_api_v2.py

@@ -10,6 +10,7 @@
 from unittest.mock import patch
 
 from django.contrib.auth.models import User
+from django.core.cache import cache
 from django.db.models import Prefetch
 from django.urls import reverse
 from rest_framework import status
@@ -670,6 +671,12 @@ def test_lookup_with_invalid_purl_format(self):
 
 class PipelineScheduleV2ViewSetTest(APITestCase):
     def setUp(self):
+        # Reset the api throttling for anon user to properly test the
+        # access on schedule endpoint.
+        # DRF stores throttling state in cache, clear cache to reset throttling.
+        # See https://www.django-rest-framework.org/api-guide/throttling/#setting-up-the-cache
+        cache.clear()
+
         patcher = patch.object(PipelineSchedule, "create_new_job")
         self.mock_create_new_job = patcher.start()
         self.addCleanup(patcher.stop)

vulnerabilities/tests/test_throttling.py

@@ -9,6 +9,7 @@
 
 import json
 
+from django.core.cache import cache
 from rest_framework.test import APIClient
 from rest_framework.test import APITestCase
 
@@ -17,6 +18,11 @@
 
 class ThrottleApiTests(APITestCase):
     def setUp(self):
+        # Reset the api throttling to properly test the rate limit on anon users.
+        # DRF stores throttling state in cache, clear cache to reset throttling.
+        # See https://www.django-rest-framework.org/api-guide/throttling/#setting-up-the-cache
+        cache.clear()
+
         # create a basic user
         self.user = ApiUser.objects.create_api_user(username="[email protected]")
         self.auth = f"Token {self.user.auth_token.key}"