author | Matt Jankowski <mjankowski@thoughtbot.com> | 2017-06-07 11:23:26 -0400 |
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-06-07 17:23:26 +0200 |
commit | f0634ba876639fcd7e506466683bf71ae81362d4 (patch) | |
tree | 8adf600ec5eb00979a72b5f9d545fd6dce58fe4f /spec/controllers | |
parent | 1d68fe1a60088183e6907a93dc5148b7dd11cdec (diff) |
Coverage improvement and concern extraction for rate limit headers in API controller (#3625)
* Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/api_controller_spec.rb | 5 | ||||
-rw-r--r-- | spec/controllers/concerns/rate_limit_headers_spec.rb | 56 |
2 files changed, 60 insertions, 1 deletions
diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb
index 1026afbbc..44be4276a 100644
--- a/spec/controllers/api_controller_spec.rb
+++ b/spec/controllers/api_controller_spec.rb
@@ -9,9 +9,12 @@ describe ApiController, type: :controller do
 end
 end
 
+ before do
+ routes.draw { post 'success' => 'api#success' }
+ end
+
 it 'does not protect from forgery' do
 ActionController::Base.allow_forgery_protection = true
- routes.draw { post 'success' => 'api#success' }
 post 'success'
 expect(response).to have_http_status(:success)
 end
diff --git a/spec/controllers/concerns/rate_limit_headers_spec.rb b/spec/controllers/concerns/rate_limit_headers_spec.rb
new file mode 100644
index 000000000..719978dc2
--- /dev/null
+++ b/spec/controllers/concerns/rate_limit_headers_spec.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ApplicationController do
+ controller do
+ include RateLimitHeaders
+
+ def show
+ head 200
+ end
+ end
+
+ before do
+ routes.draw { get 'show' => 'anonymous#show' }
+ end
+
+ describe 'rate limiting' do
+ context 'throttling is off' do
+ before do
+ request.env['rack.attack.throttle_data'] = nil
+ end
+
+ it 'does not apply rate limiting' do
+ get 'show'
+
+ expect(response.headers['X-RateLimit-Limit']).to be_nil
+ expect(response.headers['X-RateLimit-Remaining']).to be_nil
+ expect(response.headers['X-RateLimit-Reset']).to be_nil
+ end
+ end
+
+ context 'throttling is on' do
+ let(:start_time) { DateTime.new(2017, 1, 1, 12, 0, 0).utc }
+
+ before do
+ request.env['rack.attack.throttle_data'] = { 'api' => { limit: 100, count: 20, period: 10 } }
+ travel_to start_time do
+ get 'show'
+ end
+ end
+
+ it 'applies rate limiting limit header' do
+ expect(response.headers['X-RateLimit-Limit']).to eq '100'
+ end
+
+ it 'applies rate limiting remaining header' do
+ expect(response.headers['X-RateLimit-Remaining']).to eq '80'
+ end
+
+ it 'applies rate limiting reset header' do
+ expect(response.headers['X-RateLimit-Reset']).to eq (start_time + 10.seconds).iso8601(6)
+ end
+ end
+ end
+end
|
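Review bot: The 'throttling is on' context pins a single interior data point (limit 100, count 20 → Remaining '80') at a request time whose epoch is an exact multiple of the period, so the boundary of the Remaining header is left untested; add a sibling context with `{ 'api' => { limit: 100, count: 100, period: 10 } }` asserting `expect(response.headers['X-RateLimit-Remaining']).to eq '0'`, since '0' is the value clients key off to stop sending. If the concern's reset calculation depends on where the request falls inside the throttle window (the concern is not part of this diff, so I cannot confirm), a `start_time` such as `DateTime.new(2017, 1, 1, 12, 0, 3).utc` would also exercise the non-aligned path instead of the one case where "now plus period" and the window end coincide. Separately, `eq (start_time + 10.seconds).iso8601(6)` relies on the space before the parenthesis being parsed as a grouped expression; `eq((start_time + 10.seconds).iso8601(6))` states the same thing without the Lint/ParenthesesAsGroupedExpression warning.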