
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorPawel Chojnacki <pawel@chojnacki.ws>2017-02-06 15:48:46 +0300
committerPawel Chojnacki <pawel@chojnacki.ws>2017-03-06 17:41:24 +0300
commite5cf3f51fb568361a247d715facb6cd9bb15bb16 (patch)
treed12f9644c8b0dd0765fd0de90d69027848341083 /spec/lib/gitlab/auth
parent27729aa3a4666c6b06006c76023f4bff60f8ba25 (diff)
Allow limiting logging in users from too many different IPs.
Diffstat (limited to 'spec/lib/gitlab/auth')
-rw-r--r--spec/lib/gitlab/auth/unique_ips_limiter_spec.rb88
1 files changed, 88 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb b/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb
new file mode 100644
index 00000000000..8e9fea0724a
--- /dev/null
+++ b/spec/lib/gitlab/auth/unique_ips_limiter_spec.rb
@@ -0,0 +1,88 @@
+require 'spec_helper'
+
+describe Gitlab::Auth::UniqueIpsLimiter, lib: true do
+ let(:user) { create(:user) }
+
+ before(:each) do
+ Gitlab::Redis.with do |redis|
+ redis.del("user_unique_ips:#{user.id}")
+ end
+ end
+
+ describe '#count_unique_ips' do
+
+ context 'non unique IPs' do
+ it 'properly counts them' do
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.1')).to eq(1)
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.1')).to eq(1)
+ end
+ end
+
+ context 'unique IPs' do
+ it 'properly counts them' do
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.2')).to eq(1)
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.3')).to eq(2)
+ end
+ end
+
+ it 'resets count after specified time window' do
+ cur_time = Time.now.to_i
+ allow(Time).to receive(:now).and_return(cur_time)
+
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.2')).to eq(1)
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.3')).to eq(2)
+
+ allow(Time).to receive(:now).and_return(cur_time + Gitlab::Auth::UniqueIpsLimiter.config.unique_ips_limit_time_window)
+
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.4')).to eq(1)
+ expect(Gitlab::Auth::UniqueIpsLimiter.count_unique_ips(user.id, '192.168.1.5')).to eq(2)
+ end
+ end
+
+
+ describe '#limit_user!' do
+ context 'when unique ips limit is enabled' do
+ before do
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10)
+ end
+
+ context 'when ip limit is set to 1' do
+ before do
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
+ end
+
+ it 'blocks user trying to login from second ip' do
+ RequestStore[:client_ip] = '192.168.1.1'
+ expect(Gitlab::Auth::UniqueIpsLimiter.limit_user! { user }).to eq(user)
+
+ RequestStore[:client_ip] = '192.168.1.2'
+ expect { Gitlab::Auth::UniqueIpsLimiter.limit_user! { user } }.to raise_error(Gitlab::Auth::TooManyIps)
+ end
+
+ it 'allows user trying to login from the same ip twice' do
+ RequestStore[:client_ip] = '192.168.1.1'
+ expect(Gitlab::Auth::UniqueIpsLimiter.limit_user! { user }).to eq(user)
+ expect(Gitlab::Auth::UniqueIpsLimiter.limit_user! { user }).to eq(user)
+ end
+ end
+
+ context 'when ip limit is set to 2' do
+ before do
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(2)
+ end
+
+ it 'blocks user trying to login from third ip' do
+ RequestStore[:client_ip] = '192.168.1.1'
+ expect(Gitlab::Auth::UniqueIpsLimiter.limit_user! { user }).to eq(user)
+
+ RequestStore[:client_ip] = '192.168.1.2'
+ expect(Gitlab::Auth::UniqueIpsLimiter.limit_user! { user }).to eq(user)
+
+ RequestStore[:client_ip] = '192.168.1.3'
+ expect { Gitlab::Auth::UniqueIpsLimiter.limit_user! { user } }.to raise_error(Gitlab::Auth::TooManyIps)
+ end
+ end
+ end
+ end
+end
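Review bot: The `#limit_user!` examples exercise only the enabled path with a block that returns a user, so nothing pins the behaviour when `unique_ips_limit_enabled` is false or when the block returns `nil` (a failed login). The `nil` case matters for a limiter in the authentication path, because an address should presumably be counted only after the block yields a user; an example such as `expect(Gitlab::Auth::UniqueIpsLimiter.limit_user! { nil }).to be_nil`, followed by a successful login from a different address under a limit of 1, would fix that contract. The examples also assign `RequestStore[:client_ip]` and never restore it, so unless spec_helper already clears the store between examples the value carries into later specs; `after { RequestStore.clear! }` inside this describe block would contain it. The limiter implementation is not part of this file section, so the expected results for the disabled and `nil` cases are inferred and should be checked against it.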