
update reset password request limit to 1

Daniel Bohry 3 viikkoa sitten
vanhempi
sitoutus
b8646921d6

+ 1 - 1
src/main/java/com/danielbohry/authservice/service/auth/RateLimitingFilter.java

@@ -20,7 +20,7 @@ import static java.time.LocalDateTime.now;
 @Component
 public class RateLimitingFilter extends OncePerRequestFilter {
 
-    private static final int MAX_REQUESTS_PER_MINUTE = 2;
+    private static final int MAX_REQUESTS_PER_MINUTE = 1;
     private static final String FORGOT_PASSWORD_ENDPOINT = "/api/forgot-password";
 
     private final ConcurrentHashMap<String, List<LocalDateTime>> requestTracker = new ConcurrentHashMap<>();
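Review bot: Lowering MAX_REQUESTS_PER_MINUTE to 1 turns the forgot-password limit into a single-shot window, and the tracker a few lines down is an in-memory ConcurrentHashMap, so the limit is enforced per JVM instance and, judging by the test's use of the `username` parameter as the key, per target account rather than per caller; one request naming an account then blocks that account's own reset for the rest of the minute, a trade-off between abuse protection and recovery availability that should be stated next to the constant. The updated test's assertion on `Maximum 1 requests per minute allowed` also suggests the rejection message is built by concatenating this constant, so the wording is now ungrammatical and could use a singular/plural form. Suggested documentation on the constant: `/** Forgot-password requests allowed per tracker key per minute; state lives in this instance only, so the limit is not shared across replicas. */`. The class body continues outside the hunk.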

+ 9 - 29
src/test/java/com/danielbohry/authservice/service/auth/RateLimitingFilterTest.java

@@ -115,46 +115,27 @@ class RateLimitingFilterTest {
     }
 
     @Test
-    void shouldAllowSecondRequest() throws ServletException, IOException {
-        // given
-        when(request.getRequestURI()).thenReturn("/api/forgot-password");
-        when(request.getMethod()).thenReturn("POST");
-        when(request.getParameter("username")).thenReturn("testuser2");
-
-        // when - first request
-        rateLimitingFilter.doFilterInternal(request, response, filterChain);
-
-        // when - second request
-        rateLimitingFilter.doFilterInternal(request, response, filterChain);
-
-        // then
-        verify(filterChain, times(2)).doFilter(request, response);
-        verify(response, never()).setStatus(anyInt());
-    }
-
-    @Test
-    void shouldBlockThirdRequest() throws ServletException, IOException {
+    void shouldBlockSecondRequest() throws ServletException, IOException {
         // given
         when(request.getRequestURI()).thenReturn("/api/forgot-password");
         when(request.getMethod()).thenReturn("POST");
         when(request.getParameter("username")).thenReturn("testuser3");
         when(response.getWriter()).thenReturn(printWriter);
 
-        // when - first and second requests (should be allowed)
-        rateLimitingFilter.doFilterInternal(request, response, filterChain);
+        // when
         rateLimitingFilter.doFilterInternal(request, response, filterChain);
 
-        // when - third request (should be blocked)
+        // when
         rateLimitingFilter.doFilterInternal(request, response, filterChain);
 
         // then
-        verify(filterChain, times(2)).doFilter(request, response);
+        verify(filterChain, times(1)).doFilter(request, response);
         verify(response).setStatus(429);
         verify(response).setContentType("application/json");
 
         String responseContent = stringWriter.toString();
         assertTrue(responseContent.contains("Too many requests"));
-        assertTrue(responseContent.contains("Maximum 2 requests per minute allowed"));
+        assertTrue(responseContent.contains("Maximum 1 requests per minute allowed"));
     }
 
     @Test
@@ -164,20 +145,19 @@ class RateLimitingFilterTest {
         when(request.getMethod()).thenReturn("POST");
         when(response.getWriter()).thenReturn(printWriter);
 
-        // when - make 2 requests for user1
+        // when
         when(request.getParameter("username")).thenReturn("user1");
         rateLimitingFilter.doFilterInternal(request, response, filterChain);
-        rateLimitingFilter.doFilterInternal(request, response, filterChain);
 
-        // when - make third request for user1 (should be blocked)
+        // when
         rateLimitingFilter.doFilterInternal(request, response, filterChain);
 
-        // when - make first request for user2 (should be allowed)
+        // when
         when(request.getParameter("username")).thenReturn("user2");
         rateLimitingFilter.doFilterInternal(request, response, filterChain);
 
         // then
-        verify(filterChain, times(3)).doFilter(request, response);
+        verify(filterChain, times(2)).doFilter(request, response);
         verify(response, times(1)).setStatus(429);
     }
 }
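Review bot: The rewritten step comments in `shouldBlockSecondRequest` (and in the second hunk, whose enclosing test method starts outside the hunk) are now all a bare `// when`, so two consecutive identical filter calls read the same although the first is expected to pass and the second to be rejected; the deleted comments carried that expectation. Suggest `// when - first request (allowed)` and `// when - second request (blocked)` in the first method, and `// when - second request for user1 (blocked)` / `// when - first request for user2 (allowed)` in the second. The fixture username `testuser3` is a leftover from the removed third-request test and could be renamed, though it does not affect the assertions.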