Bug 24229: Avoid fetching ALL items in test

I'm not sure what we need to test here, besides we get results. I'm
pretty sure we shouldn't allow a plain GET return all objects because it
could cause a DOS very easily. But it certainly belongs to a separate
bug/discussion.

In this case, I put a constraint on the items domain (by using
_per_page=10 in the query params) so it won't happen that under certain
conditions the user agent used by Test::Mojo time outs.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

diff --git a/t/db_dependent/api/v1/items.t b/t/db_dependent/api/v1/items.t
index 9eb623b..a4c62aa 100644 (file)
--- a/t/db_dependent/api/v1/items.t
+++ b/t/db_dependent/api/v1/items.t
@@ -51,6 +51,11 @@ subtest 'list() tests' => sub {
         }
     );
 
+    # Make sure we have at least 10 items
+    for ( 1..10 ) {
+        $builder->build_object({ class => 'Koha::Items' });
+    }
+
     my $nonprivilegedpatron = $builder->build_object(
         {
             class => 'Koha::Patrons',
@@ -72,13 +77,12 @@ subtest 'list() tests' => sub {
     $patron->set_password( { password => $password, skip_validation => 1 } );
     $userid = $patron->userid;
 
-    $t->get_ok( "//$userid:$password@/api/v1/items" )
+    $t->get_ok( "//$userid:$password@/api/v1/items?_per_page=10" )
       ->status_is( 200, 'SWAGGER3.2.2' );
 
-    my $items_count = Koha::Items->search->count;
     my $response_count = scalar @{ $t->tx->res->json };
 
-    is( $items_count, $response_count, 'The API returns all the items' );
+    is( $response_count, 10, 'The API returns 10 items' );
 
     $t->get_ok( "//$userid:$password@/api/v1/items?external_id=" . $item->barcode )
       ->status_is(200)