
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb')
-rw-r--r--spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb57
1 files changed, 57 insertions, 0 deletions
diff --git a/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb b/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb
new file mode 100644
index 00000000000..bb2a4159071
--- /dev/null
+++ b/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+#
+# Requires a context containing:
+# - request (use method definition to avoid memoizing!)
+# - current_user
+# - error_message # optional
+
+RSpec.shared_examples 'rate limited endpoint' do |rate_limit_key:|
+ context 'when rate limiter enabled', :freeze_time, :clean_gitlab_redis_rate_limiting do
+ let(:expected_logger_attributes) do
+ {
+ message: 'Application_Rate_Limiter_Request',
+ env: :"#{rate_limit_key}_request_limit",
+ remote_ip: kind_of(String),
+ request_method: kind_of(String),
+ path: kind_of(String),
+ user_id: current_user.id,
+ username: current_user.username
+ }
+ end
+
+ let(:error_message) { _('This endpoint has been requested too many times. Try again later.') }
+
+ before do
+ allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).with(rate_limit_key).and_return(1)
+ end
+
+ it 'logs request and declines it when endpoint called more than the threshold' do |example|
+ expect(Gitlab::AuthLogger).to receive(:error).with(expected_logger_attributes).once
+
+ request
+ request
+
+ expect(response).to have_gitlab_http_status(:too_many_requests)
+
+ if example.metadata[:type] == :controller
+ expect(response.body).to eq(error_message)
+ else # it is API spec
+ expect(response.body).to eq({ message: { error: error_message } }.to_json)
+ end
+ end
+ end
+
+ context 'when rate limiter is disabled' do
+ before do
+ allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).with(rate_limit_key).and_return(0)
+ end
+
+ it 'does not log request and does not block the request' do
+ expect(Gitlab::AuthLogger).not_to receive(:error)
+
+ request
+
+ expect(response).not_to have_gitlab_http_status(:too_many_requests)
+ end
+ end
+end
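Review bot: The `let(:error_message)` inside the 'when rate limiter enabled' context shadows any `error_message` defined by the including spec, so the header comment's "error_message # optional" override cannot take effect as written. If an endpoint returns a different throttling message, its body assertion would presumably fail with no way to adjust it; one option is `let(:error_message) { defined?(super) ? super() : _('This endpoint has been requested too many times. Try again later.') }`, the other is to drop that line from the header comment. Separately, the 'when rate limiter is disabled' example sends a single request and only asserts the status is not `:too_many_requests`, which also passes when the request fails for an unrelated reason such as an authorization error or a 500. Sending two requests there, as the enabled case does, and asserting the endpoint's expected success status would make the negative case actually demonstrate that a threshold of 0 disables throttling.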