
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-02-22 15:08:58 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-02-22 15:08:58 +0300
commited45528885b7b44c61f18175fe7cdbda12360669 (patch)
tree3d27c00a8a83d569cf238eaa05b7eb24b7a28a8d /spec
parentab85af0f318ccbcfdd508e7a2f85788f26831785 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/projects/repositories_controller_spec.rb14
-rw-r--r--spec/lib/gitlab/rate_limit_helpers_spec.rb49
-rw-r--r--spec/requests/api/repositories_spec.rb12
3 files changed, 75 insertions, 0 deletions
diff --git a/spec/controllers/projects/repositories_controller_spec.rb b/spec/controllers/projects/repositories_controller_spec.rb
index d4a81f24d9c..2d39f0afaee 100644
--- a/spec/controllers/projects/repositories_controller_spec.rb
+++ b/spec/controllers/projects/repositories_controller_spec.rb
@@ -6,6 +6,10 @@ describe Projects::RepositoriesController do
let(:project) { create(:project, :repository) }
describe "GET archive" do
+ before do
+ allow(controller).to receive(:archive_rate_limit_reached?).and_return(false)
+ end
+
context 'as a guest' do
it 'responds with redirect in correct format' do
get :archive, params: { namespace_id: project.namespace, project_id: project, id: "master" }, format: "zip"
@@ -96,6 +100,16 @@ describe Projects::RepositoriesController do
end
end
+ describe 'rate limiting' do
+ it 'rate limits user when thresholds hit' do
+ expect(controller).to receive(:archive_rate_limit_reached?).and_return(true)
+
+ get :archive, params: { namespace_id: project.namespace, project_id: project, id: 'master' }, format: "html"
+
+ expect(response).to have_gitlab_http_status(:too_many_requests)
+ end
+ end
+
describe 'caching' do
it 'sets appropriate caching headers' do
get_archive
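Review bot: The new 'rate limiting' example stubs `archive_rate_limit_reached?` without constraining its arguments, so it would still pass if the controller handed the limiter the wrong user or project, which is what decides whose counter is charged. Together with the blanket `and_return(false)` stub added in the `before` block of the first hunk, no example in this spec checks what the controller actually passes. Assuming the controller uses the `(user, project)` signature exercised in rate_limit_helpers_spec.rb, consider `expect(controller).to receive(:archive_rate_limit_reached?).with(anything, project).and_return(true)`, tightening the first argument to the signed-in user if this context has one. The enclosing `describe "GET archive"` starts and ends outside the hunk.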
diff --git a/spec/lib/gitlab/rate_limit_helpers_spec.rb b/spec/lib/gitlab/rate_limit_helpers_spec.rb
new file mode 100644
index 00000000000..7eee30d60ca
--- /dev/null
+++ b/spec/lib/gitlab/rate_limit_helpers_spec.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::RateLimitHelpers, :clean_gitlab_redis_shared_state do
+ let(:limiter_class) do
+ Class.new do
+ include ::Gitlab::RateLimitHelpers
+
+ attr_reader :request
+
+ def initialize(request)
+ @request = request
+ end
+ end
+ end
+
+ let(:request) { instance_double(ActionDispatch::Request, request_method: 'GET', ip: '127.0.0.1', fullpath: '/') }
+ let(:class_instance) { limiter_class.new(request) }
+
+ let_it_be(:user) { create(:user) }
+ let_it_be(:project) { create(:project) }
+
+ describe '#archive_rate_limit_reached?' do
+ context 'with a user' do
+ it 'rate limits the user properly' do
+ 5.times do
+ expect(class_instance.archive_rate_limit_reached?(user, project)).to be_falsey
+ end
+
+ expect(class_instance.archive_rate_limit_reached?(user, project)).to be_truthy
+ end
+ end
+
+ context 'with an anonymous user' do
+ before do
+ stub_const('Gitlab::RateLimitHelpers::ARCHIVE_RATE_ANONYMOUS_THRESHOLD', 2)
+ end
+
+ it 'rate limits with higher limits' do
+ 2.times do
+ expect(class_instance.archive_rate_limit_reached?(nil, project)).to be_falsey
+ end
+
+ expect(class_instance.archive_rate_limit_reached?(nil, project)).to be_truthy
+ end
+ end
+ end
+end
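Review bot: Nothing in this spec checks that the counters are isolated, so an implementation that keyed the limit too broadly (one counter shared by every user, or by every project) would pass both examples while letting one client lock out others. An example that exhausts the limit for `user` and then asserts that a second user, or the same user on a second project, is still allowed would pin the scoping; a sketch follows, assuming per-user and per-project scoping is the intent. Separately, the 'with a user' example hard-codes `5.times` without pinning the threshold the way the anonymous context does with `stub_const`, and the description 'rate limits with higher limits' sits over a threshold stubbed down to 2.

```ruby
  describe '#archive_rate_limit_reached?' do
    # … unchanged: 'with a user' and 'with an anonymous user' contexts …

    context 'with requests from different users and projects' do
      let_it_be(:other_user) { create(:user) }
      let_it_be(:other_project) { create(:project) }

      before do
        5.times { class_instance.archive_rate_limit_reached?(user, project) }
      end

      it 'does not throttle a different user on the same project' do
        expect(class_instance.archive_rate_limit_reached?(other_user, project)).to be_falsey
      end

      it 'does not throttle the same user on a different project' do
        expect(class_instance.archive_rate_limit_reached?(user, other_project)).to be_falsey
      end
    end
```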
diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb
index 8bca458bece..b1a65ded9ef 100644
--- a/spec/requests/api/repositories_spec.rb
+++ b/spec/requests/api/repositories_spec.rb
@@ -223,6 +223,10 @@ describe API::Repositories do
describe "GET /projects/:id/repository/archive(.:format)?:sha" do
let(:route) { "/projects/#{project.id}/repository/archive" }
+ before do
+ allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(false)
+ end
+
shared_examples_for 'repository archive' do
it 'returns the repository archive' do
get api(route, current_user)
@@ -263,6 +267,14 @@ describe API::Repositories do
let(:message) { '404 File Not Found' }
end
end
+
+ it 'rate limits user when thresholds hit' do
+ allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(true)
+
+ get api("/projects/#{project.id}/repository/archive.tar.bz2", user)
+
+ expect(response).to have_gitlab_http_status(:too_many_requests)
+ end
end
context 'when unauthenticated', 'and project is public' do
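Review bot: The added example stubs `::Gitlab::ApplicationRateLimiter.throttled?` to return true for every key and scope, so it passes on any 429 rather than on the archive limit specifically, and it only exercises a request made as `user`. Constraining the stub to the archive key, for example `allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(<archive limit key>, anything).and_return(true)`, would tie the assertion to the limit this change introduces; the key itself is not visible in these spec hunks. An equivalent example in the `'when unauthenticated', 'and project is public'` context that follows would cover the anonymous path, which is the one most exposed to bulk archive requests. The enclosing `describe` and context blocks start outside the hunk.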