adjusted flaky test

Gani Georgiev
2026-05-01 19:32:00 +03:00
parent 53ac0d29da
commit 4850da6f56
2 changed files with 3 additions and 3 deletions

.github/SECURITY.md vendored

@@ -77,7 +77,7 @@ If someone is able to tamper with the OAuth2 responses then the entire OAuth2 fl
This is a common and usually valid report but there is no easy solution without confusing and degrading the users experience. This is a common and usually valid report but there is no easy solution without confusing and degrading the users experience.
Some endpoints, like the user create/register, can be used for username or emails enumeration based on various response heuristics - timing, specific error messages, etc. Some endpoints, like the user create/register, can be used for usernames or emails enumeration based on various response heuristics - timing, specific error messages, etc.
In many places where applicable we've tried to minimize the impact by using constant time checks, returning non-descriptive error messages, applying an internal rate limit for some operations, etc. but it is not bulletproof and if somebody wants to find out if a user is registered they will be able to do it one way or another. In many places where applicable we've tried to minimize the impact by using constant time checks, returning non-descriptive error messages, applying an internal rate limit for some operations, etc. but it is not bulletproof and if somebody wants to find out if a user is registered they will be able to do it one way or another.
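Review bot: the reworded phrase in the enumeration sentence, "can be used for usernames or emails enumeration", is still ungrammatical, and this documentation edit is not covered by the commit subject "adjusted flaky test". Suggest "can be used for username or email enumeration", and either mention the SECURITY.md tweak in the commit message or split it into its own commit. The unchanged context line above it also reads "the users experience", which could become "the user's experience" in the same pass.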


@@ -86,8 +86,8 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
{"/rate/a", 0, false, 200}, {"/rate/a", 0, false, 200},
{"/rate/a", 800, false, 200}, // (fixed window check) wait enough to ensure that it can't fit more than 2 requests in 1s {"/rate/a", 800, false, 200}, // (fixed window check) wait enough to ensure that it can't fit more than 2 requests in 1s
{"/rate/a", 500, false, 200}, {"/rate/a", 600, false, 200},
{"/rate/a", 800, false, 200}, {"/rate/a", 850, false, 200},
{"/rate/a", 0, false, 200}, {"/rate/a", 0, false, 200},
{"/rate/a", 0, false, 429}, {"/rate/a", 0, false, 429},
{"/rate/a", 0, false, 429}, {"/rate/a", 0, false, 429},
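Review bot: the two changed rows (500 to 600 and 800 to 850) carry no comment saying why those particular delays were chosen, unlike the row above them with the "(fixed window check)" note, so the next reader cannot tell which window boundary each wait is meant to cross. Suggest adding a short comment on each changed row stating the intended relation to the 1s window. Since the scenario still appears to depend on real waits followed by an expected 200, 429, 429 sequence, widening the delays by 50 to 100 may only reduce the flakiness on a slow runner rather than remove it; if it recurs, consider driving the limiter from a controllable clock in the test instead of tuning the delays again.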