diff options
Diffstat (limited to 'spec/requests/rack_attack_global_spec.rb')
-rw-r--r-- | spec/requests/rack_attack_global_spec.rb | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb index 9fdafc06695..805ac5a9118 100644 --- a/spec/requests/rack_attack_global_spec.rb +++ b/spec/requests/rack_attack_global_spec.rb @@ -125,7 +125,8 @@ RSpec.describe 'Rack Attack global throttles' do env: :throttle, remote_ip: '127.0.0.1', request_method: 'GET', - path: '/users/sign_in' + path: '/users/sign_in', + matched: 'throttle_unauthenticated' } expect(Gitlab::AuthLogger).to receive(:error).with(arguments) @@ -319,4 +320,62 @@ RSpec.describe 'Rack Attack global throttles' do it_behaves_like 'rate-limited web authenticated requests' end end + + describe 'throttle bypass header' do + let(:headers) { {} } + let(:bypass_header) { 'gitlab-bypass-rate-limiting' } + + def do_request + get '/users/sign_in', headers: headers + end + + before do + # Disabling protected paths throttle, otherwise requests to + # '/users/sign_in' are caught by this throttle. + settings_to_set[:throttle_protected_paths_enabled] = false + + # Set low limits + settings_to_set[:throttle_unauthenticated_requests_per_period] = requests_per_period + settings_to_set[:throttle_unauthenticated_period_in_seconds] = period_in_seconds + + stub_env('GITLAB_THROTTLE_BYPASS_HEADER', bypass_header) + settings_to_set[:throttle_unauthenticated_enabled] = true + + stub_application_setting(settings_to_set) + end + + shared_examples 'reject requests over the rate limit' do + it 'rejects requests over the rate limit' do + # At first, allow requests under the rate limit. + requests_per_period.times do + do_request + expect(response).to have_gitlab_http_status(:ok) + end + + # the last straw + expect_rejection { do_request } + end + end + + context 'without the bypass header set' do + it_behaves_like 'reject requests over the rate limit' + end + + context 'with bypass header set to 1' do + let(:headers) { { bypass_header => '1' } } + + it 'does not throttle' do + (1 + requests_per_period).times do + do_request + expect(response).to have_gitlab_http_status(:ok) + end + end + end + + context 'with bypass header set to some other value' do + let(:headers) { { bypass_header => 'some other value' } } + + it_behaves_like 'reject requests over the rate limit' + end + end end |