about summary refs log tree commit diff
path: root/spec
diff options
context:
space:
mode:
authorMatt Jankowski <mjankowski@thoughtbot.com>2017-06-07 11:23:26 -0400
committerEugen Rochko <eugen@zeonfederated.com>2017-06-07 17:23:26 +0200
commitf0634ba876639fcd7e506466683bf71ae81362d4 (patch)
tree8adf600ec5eb00979a72b5f9d545fd6dce58fe4f /spec
parent1d68fe1a60088183e6907a93dc5148b7dd11cdec (diff)
Coverage improvement and concern extraction for rate limit headers in API controller (#3625)
* Coverage for rate limit headers

* Move rate limit headers methods to concern

* Move throttle check to condition on before_action

* Move match_data variable into method

* Move utc timestamp to separate method

* Move header setting into smaller methods

* specs cleanup
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/api_controller_spec.rb5
-rw-r--r--spec/controllers/concerns/rate_limit_headers_spec.rb56
2 files changed, 60 insertions, 1 deletions
diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb
index 1026afbbc..44be4276a 100644
--- a/spec/controllers/api_controller_spec.rb
+++ b/spec/controllers/api_controller_spec.rb
@@ -9,9 +9,12 @@ describe ApiController, type: :controller do
     end
   end
 
+  before do
+    routes.draw { post 'success' => 'api#success' }
+  end
+
   it 'does not protect from forgery' do
     ActionController::Base.allow_forgery_protection = true
-    routes.draw { post 'success' => 'api#success' }
     post 'success'
     expect(response).to have_http_status(:success)
   end
diff --git a/spec/controllers/concerns/rate_limit_headers_spec.rb b/spec/controllers/concerns/rate_limit_headers_spec.rb
new file mode 100644
index 000000000..719978dc2
--- /dev/null
+++ b/spec/controllers/concerns/rate_limit_headers_spec.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ApplicationController do
+  controller do
+    include RateLimitHeaders
+
+    def show
+      head 200
+    end
+  end
+
+  before do
+    routes.draw { get 'show' => 'anonymous#show' }
+  end
+
+  describe 'rate limiting' do
+    context 'throttling is off' do
+      before do
+        request.env['rack.attack.throttle_data'] = nil
+      end
+
+      it 'does not apply rate limiting' do
+        get 'show'
+
+        expect(response.headers['X-RateLimit-Limit']).to be_nil
+        expect(response.headers['X-RateLimit-Remaining']).to be_nil
+        expect(response.headers['X-RateLimit-Reset']).to be_nil
+      end
+    end
+
+    context 'throttling is on' do
+      let(:start_time) { DateTime.new(2017, 1, 1, 12, 0, 0).utc }
+
+      before do
+        request.env['rack.attack.throttle_data'] = { 'api' => { limit: 100, count: 20, period: 10 } }
+        travel_to start_time do
+          get 'show'
+        end
+      end
+
+      it 'applies rate limiting limit header' do
+        expect(response.headers['X-RateLimit-Limit']).to eq '100'
+      end
+
+      it 'applies rate limiting remaining header' do
+        expect(response.headers['X-RateLimit-Remaining']).to eq '80'
+      end
+
+      it 'applies rate limiting reset header' do
+        expect(response.headers['X-RateLimit-Reset']).to eq (start_time + 10.seconds).iso8601(6)
+      end
+    end
+  end
+end