diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2023-02-26 15:06:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-26 15:06:03 +0100 |
| commit | 6a4be4e96677eb3e1303ddcab8f8b4bea7298453 (patch) | |
| tree | 52627bf6dd64b0a33e280442b2de60b4e802a544 /spec/config/initializers/rack_attack_spec.rb | |
| parent | 45087c1092143e95dfcc85b6c9abc5c6c0a0a5c2 (diff) | |
| parent | b91756fd4d475edff890e460c44b3a7245ad51e2 (diff) | |
Merge pull request #2119 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'spec/config/initializers/rack_attack_spec.rb')
| -rw-r--r-- | spec/config/initializers/rack_attack_spec.rb | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/spec/config/initializers/rack_attack_spec.rb b/spec/config/initializers/rack_attack_spec.rb index 50d4505b7..cc931b21b 100644 --- a/spec/config/initializers/rack_attack_spec.rb +++ b/spec/config/initializers/rack_attack_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails_helper' describe Rack::Attack do @@ -8,6 +10,17 @@ describe Rack::Attack do end shared_examples 'throttled endpoint' do + before do + # Rack::Attack periods are not rolling, so avoid flaky tests by setting the time in a way + # to avoid crossing period boundaries. + + # The code Rack::Attack uses to set periods is the following: + # https://github.com/rack/rack-attack/blob/v6.6.1/lib/rack/attack/cache.rb#L64-L66 + # So we want to minimize `Time.now.to_i % period` + + travel_to Time.zone.at((Time.now.to_i / period.seconds).to_i * period.seconds) + end + context 'when the number of requests is lower than the limit' do it 'does not change the request status' do limit.times do @@ -18,11 +31,16 @@ describe Rack::Attack do end context 'when the number of requests is higher than the limit' do - it 'returns http too many requests' do + it 'returns http too many requests after limit and returns to normal status after period' do (limit * 2).times do |i| request.call expect(last_response.status).to eq(429) if i > limit end + + travel period + + request.call + expect(last_response.status).to_not eq(429) end end end @@ -31,7 +49,8 @@ describe Rack::Attack do describe 'throttle excessive sign-up requests by IP address' do context 'through the website' do - let(:limit) { 25 } + let(:limit) { 25 } + let(:period) { 5.minutes } let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } } context 'for exact path' do @@ -48,7 +67,8 @@ describe Rack::Attack do end context 'through the API' do - let(:limit) { 5 } + let(:limit) { 5 } + let(:period) { 30.minutes } let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } } context 'for exact path' do @@ -69,7 +89,8 @@ describe Rack::Attack do end describe 'throttle excessive sign-in requests by IP address' do - let(:limit) { 25 } + let(:limit) { 25 } + let(:period) { 5.minutes } let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } } context 'for exact path' do |