Diffstat (limited to 'spec/requests/api/search_spec.rb')
-rw-r--r-- | spec/requests/api/search_spec.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb
index 0feff90d088..6a57cf52466 100644
--- a/spec/requests/api/search_spec.rb
+++ b/spec/requests/api/search_spec.rb
@@ -473,6 +473,21 @@ RSpec.describe API::Search, :clean_gitlab_redis_rate_limiting, feature_category:
 get api(endpoint, current_user), params: { scope: 'users', search: 'foo@bar.com' }
 end
 end
+
+ context 'when request exceeds the rate limit', :freeze_time, :clean_gitlab_redis_rate_limiting do
+ before do
+ stub_application_setting(search_rate_limit: 1)
+ end
+
+ it 'allows user whose username is in the allowlist' do
+ stub_application_setting(search_rate_limit_allowlist: [user.username])
+
+ get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
+ get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
 end
 describe "GET /groups/:id/search" do
@@ -658,6 +673,21 @@ RSpec.describe API::Search, :clean_gitlab_redis_rate_limiting, feature_category:
 get api(endpoint, current_user), params: { scope: 'users', search: 'foo@bar.com' }
 end
 end
+
+ context 'when request exceeds the rate limit', :freeze_time, :clean_gitlab_redis_rate_limiting do
+ before do
+ stub_application_setting(search_rate_limit: 1)
+ end
+
+ it 'allows user whose username is in the allowlist' do
+ stub_application_setting(search_rate_limit_allowlist: [user.username])
+
+ get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
+ get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
 end
 end
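Review bot: The new example in the hunk at -473 asserts only the allowlisted path, so it cannot tell a working allowlist apart from a rate limit that never fires under this setup. Nothing in the hunk shows a second request being rejected once `search_rate_limit: 1` is stubbed. A sibling example that sets the allowlist to some other username and expects a throttled response for `user` would pin that the exemption is matched per username and is not a global bypass. The identical contexts added at -658 and -1057 have the same gap. An existing throttling example may already sit in the enclosing describe, which starts outside the hunk.

```ruby
# … unchanged: before block and the allowlisted-user example …

it 'still limits a user whose username is not in the allowlist' do
  # constructed sample value: any username other than user.username
  stub_application_setting(search_rate_limit_allowlist: ['not-the-requesting-user'])

  get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
  get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }

  expect(response).to have_gitlab_http_status(:too_many_requests)
end
```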
@@ -1057,6 +1087,21 @@ RSpec.describe API::Search, :clean_gitlab_redis_rate_limiting, feature_category:
 get api(endpoint, current_user), params: { scope: 'users', search: 'foo@bar.com' }
 end
 end
+
+ context 'when request exceeds the rate limit', :freeze_time, :clean_gitlab_redis_rate_limiting do
+ before do
+ stub_application_setting(search_rate_limit: 1)
+ end
+
+ it 'allows user whose username is in the allowlist' do
+ stub_application_setting(search_rate_limit_allowlist: [user.username])
+
+ get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
+ get api(endpoint, user), params: { scope: 'users', search: 'foo@bar.com' }
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
 end
 end
 end |
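Review bot: This fifteen-line context is pasted verbatim into all three endpoint sections (here and in the hunks at -473 and -658), so any later change to the allowlist behaviour has to be made three times and can drift. A single `shared_examples` block that relies on the including describe's `endpoint` and `user`, pulled in with `it_behaves_like`, would keep the three endpoints in step. The `:clean_gitlab_redis_rate_limiting` tag on the context also repeats the one already on the top-level `RSpec.describe` shown in the hunk header, so it looks redundant here. The enclosing describe blocks start outside the hunk, so how `endpoint` and `user` are defined should be confirmed before extracting.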