Welcome to mirror list, hosted at ThFree Co, Russian Federation.

rate_limited_endpoint_shared_examples.rb « controllers « shared_examples « support « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
blob: 20edca1ee9f81d9e8b7b7ffa1e23c27204c5c43c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# frozen_string_literal: true
#
# Requires a context containing:
# - request (use method definition to avoid memoizing!)
# - current_user
# - error_message # optional

RSpec.shared_examples 'rate limited endpoint' do |rate_limit_key:|
  context 'when rate limiter enabled', :freeze_time, :clean_gitlab_redis_rate_limiting do
    let(:expected_logger_attributes) do
      {
        message: 'Application_Rate_Limiter_Request',
        env: :"#{rate_limit_key}_request_limit",
        remote_ip: kind_of(String),
        request_method: kind_of(String),
        path: kind_of(String)
      }.merge(expected_user_attributes)
    end

    let(:expected_user_attributes) do
      if defined?(current_user) && current_user.present?
        { user_id: current_user.id, username: current_user.username }
      else
        {}
      end
    end

    let(:error_message) { _('This endpoint has been requested too many times. Try again later.') }

    before do
      allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).with(rate_limit_key).and_return(1)
    end

    it 'logs request and declines it when endpoint called more than the threshold' do |example|
      expect(Gitlab::AuthLogger).to receive(:error).with(expected_logger_attributes).once

      request
      request

      expect(response).to have_gitlab_http_status(:too_many_requests)

      if example.metadata[:type] == :controller
        expect(response.body).to eq(error_message)
      else # it is API spec
        expect(response.body).to eq({ message: { error: error_message } }.to_json)
      end
    end
  end

  context 'when rate limiter is disabled' do
    before do
      allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).with(rate_limit_key).and_return(0)
    end

    it 'does not log request and does not block the request' do
      expect(Gitlab::AuthLogger).not_to receive(:error)

      request

      expect(response).not_to have_gitlab_http_status(:too_many_requests)
    end
  end
end