diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2023-02-25 14:00:40 +0100 |
|---|---|---|
| committer | Claire <claire.github-309c@sitedethib.com> | 2023-02-25 14:00:40 +0100 |
| commit | 4ed09276d5267181061dff438a0b10770db9f226 (patch) | |
| tree | cb8f358d58669626332ea01bcf0186d08b5eac90 /spec/config | |
| parent | 45087c1092143e95dfcc85b6c9abc5c6c0a0a5c2 (diff) | |
| parent | 730bb3e211a84a2f30e3e2bbeae3f77149824a68 (diff) | |
Merge branch 'main' into glitch-soc/merge-upstream
Conflicts: - `.prettierignore`: Upstream added a line at the end of the file, while glitch-soc had its own extra lines. Took upstream's change. - `CONTRIBUTING.md`: We have our custom CONTRIBUTING.md quoting upstream. Upstream made changes. Ported upstream changes. - `app/controllers/application_controller.rb`: Upstream made code style changes in a method that is entirely replaced in glitch-soc. Ignored the change. - `app/models/account.rb`: Code style changes textually close to glitch-soc-specific changes. Ported upstream changes. - `lib/sanitize_ext/sanitize_config.rb`: Upstream code style changes. Ignored them.
Diffstat (limited to 'spec/config')
| -rw-r--r-- | spec/config/initializers/rack_attack_spec.rb | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/spec/config/initializers/rack_attack_spec.rb b/spec/config/initializers/rack_attack_spec.rb index 50d4505b7..cc931b21b 100644 --- a/spec/config/initializers/rack_attack_spec.rb +++ b/spec/config/initializers/rack_attack_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails_helper' describe Rack::Attack do @@ -8,6 +10,17 @@ describe Rack::Attack do end shared_examples 'throttled endpoint' do + before do + # Rack::Attack periods are not rolling, so avoid flaky tests by setting the time in a way + # to avoid crossing period boundaries. + + # The code Rack::Attack uses to set periods is the following: + # https://github.com/rack/rack-attack/blob/v6.6.1/lib/rack/attack/cache.rb#L64-L66 + # So we want to minimize `Time.now.to_i % period` + + travel_to Time.zone.at((Time.now.to_i / period.seconds).to_i * period.seconds) + end + context 'when the number of requests is lower than the limit' do it 'does not change the request status' do limit.times do @@ -18,11 +31,16 @@ describe Rack::Attack do end context 'when the number of requests is higher than the limit' do - it 'returns http too many requests' do + it 'returns http too many requests after limit and returns to normal status after period' do (limit * 2).times do |i| request.call expect(last_response.status).to eq(429) if i > limit end + + travel period + + request.call + expect(last_response.status).to_not eq(429) end end end @@ -31,7 +49,8 @@ describe Rack::Attack do describe 'throttle excessive sign-up requests by IP address' do context 'through the website' do - let(:limit) { 25 } + let(:limit) { 25 } + let(:period) { 5.minutes } let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } } context 'for exact path' do @@ -48,7 +67,8 @@ describe Rack::Attack do end context 'through the API' do - let(:limit) { 5 } + let(:limit) { 5 } + let(:period) { 30.minutes } let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } } context 'for exact path' do @@ -69,7 +89,8 @@ describe Rack::Attack do end describe 'throttle excessive sign-in requests by IP address' do - let(:limit) { 25 } + let(:limit) { 25 } + let(:period) { 5.minutes } let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } } context 'for exact path' do |