diff options
| author | Thong Kuah <tkuah@gitlab.com> | 2019-06-28 13:03:10 +0300 |
|---|---|---|
| committer | Thong Kuah <tkuah@gitlab.com> | 2019-06-28 13:03:10 +0300 |
| commit | bac5bfc7dc57e816685f3b8cfd94a4f56473dbc3 (patch) | |
| tree | bfa4ad772794ea23ad35d9c9ab5097e646ffe55b /spec | |
| parent | 2321b337f1487031e2cab8e1a4e778f3aaf8e2da (diff) | |
| parent | 82c31a9addfe87e91b512abb982d2223fa4ed730 (diff) | |
Merge branch 'sh-support-subnets-ip-rate-limiter' into 'master'
Support CIDR notation in IP rate limiter
See merge request gitlab-org/gitlab-ce!30146
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/lib/gitlab/auth/ip_rate_limiter_spec.rb | 65 | ||||
| -rw-r--r-- | spec/support/helpers/stub_configuration.rb | 5 |
2 files changed, 70 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb b/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb new file mode 100644 index 00000000000..8d6bf45ab30 --- /dev/null +++ b/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb @@ -0,0 +1,65 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Gitlab::Auth::IpRateLimiter, :use_clean_rails_memory_store_caching do + let(:ip) { '10.2.2.3' } + let(:whitelist) { ['127.0.0.1'] } + let(:options) do + { + enabled: true, + ip_whitelist: whitelist, + bantime: 1.minute, + findtime: 1.minute, + maxretry: 2 + } + end + + subject { described_class.new(ip) } + + before do + stub_rack_attack_setting(options) + end + + after do + subject.reset! + end + + describe '#register_fail!' do + it 'bans after 3 consecutive failures' do + expect(subject.banned?).to be_falsey + + 3.times { subject.register_fail! } + + expect(subject.banned?).to be_truthy + end + + shared_examples 'whitelisted IPs' do + it 'does not ban after max retry limit' do + expect(subject.banned?).to be_falsey + + 3.times { subject.register_fail! } + + expect(subject.banned?).to be_falsey + end + end + + context 'with a whitelisted netmask' do + before do + options[:ip_whitelist] = ['127.0.0.1', '10.2.2.0/24', 'bad'] + stub_rack_attack_setting(options) + end + + it_behaves_like 'whitelisted IPs' + end + + context 'with a whitelisted IP' do + before do + options[:ip_whitelist] = ['10.2.2.3'] + stub_rack_attack_setting(options) + end + + it_behaves_like 'whitelisted IPs' + end + end +end diff --git a/spec/support/helpers/stub_configuration.rb b/spec/support/helpers/stub_configuration.rb index 0d591f038ce..c372a3f0e49 100644 --- a/spec/support/helpers/stub_configuration.rb +++ b/spec/support/helpers/stub_configuration.rb @@ -95,6 +95,11 @@ module StubConfiguration allow(Gitlab.config.gitlab_shell).to receive_messages(to_settings(messages)) end + def stub_rack_attack_setting(messages) + allow(Gitlab.config.rack_attack).to receive(:git_basic_auth).and_return(messages) + allow(Gitlab.config.rack_attack.git_basic_auth).to receive_messages(to_settings(messages)) + end + private # Modifies stubbed messages to also stub possible predicate versions |