closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17460 Commits
4 Branches
567 MiB
Branch: closed-social-glitch-2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'closed-social-glitch-2'
${ noResults }
mastodon/spec/config/initializers/rack_attack_spec.rb

108 lines
2.8 KiB
Raw Permalink Normal View History

Enable Style/FrozenStringLiteralComment for specs (#23790)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Fix rack:attack flaky tests and test end of throttle period (#23799)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Fix rack:attack flaky tests and test end of throttle period (#23799)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Fix rack:attack flaky tests and test end of throttle period (#23799)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Fix rack:attack flaky tests and test end of throttle period (#23799)
1 year ago
Autofix Rubocop Style/EmptyLambdaParameter (#23705)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Run rubocop formatting except line length (#23632)
1 year ago
Autofix Rubocop RSpec/EmptyLineAfterFinalLet (#23707)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Run rubocop formatting except line length (#23632)
1 year ago
Autofix Rubocop RSpec/EmptyLineAfterFinalLet (#23707)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Fix rack:attack flaky tests and test end of throttle period (#23799)
1 year ago
Autofix Rubocop Style/EmptyLambdaParameter (#23705)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Run rubocop formatting except line length (#23632)
1 year ago
Autofix Rubocop RSpec/EmptyLineAfterFinalLet (#23707)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Fix rack:attack flaky tests and test end of throttle period (#23799)
1 year ago
Autofix Rubocop Style/EmptyLambdaParameter (#23705)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Run rubocop formatting except line length (#23632)
1 year ago
Autofix Rubocop RSpec/EmptyLineAfterFinalLet (#23707)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
Run rubocop formatting except line length (#23632)
1 year ago
Autofix Rubocop RSpec/EmptyLineAfterFinalLet (#23707)
1 year ago
Fix rate limiting for paths with formats (#20675)
2 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe Rack::Attack do
  6.   include Rack::Test::Methods
  7. 

  8.   def app
  9.     Rails.application
  10.   end
  11. 

  12.   shared_examples 'throttled endpoint' do
  13.     before do
  14.       # Rack::Attack periods are not rolling, so avoid flaky tests by setting the time in a way
  15.       # to avoid crossing period boundaries.
  16. 

  17.       # The code Rack::Attack uses to set periods is the following:
  18.       # https://github.com/rack/rack-attack/blob/v6.6.1/lib/rack/attack/cache.rb#L64-L66
  19.       # So we want to minimize `Time.now.to_i % period`
  20. 

  21.       travel_to Time.zone.at((Time.now.to_i / period.seconds).to_i * period.seconds)
  22.     end
  23. 

  24.     context 'when the number of requests is lower than the limit' do
  25.       it 'does not change the request status' do
  26.         limit.times do
  27.           request.call
  28.           expect(last_response.status).to_not eq(429)
  29.         end
  30.       end
  31.     end
  32. 

  33.     context 'when the number of requests is higher than the limit' do
  34.       it 'returns http too many requests after limit and returns to normal status after period' do
  35.         (limit * 2).times do |i|
  36.           request.call
  37.           expect(last_response.status).to eq(429) if i > limit
  38.         end
  39. 

  40.         travel period
  41. 

  42.         request.call
  43.         expect(last_response.status).to_not eq(429)
  44.       end
  45.     end
  46.   end
  47. 

  48.   let(:remote_ip) { '1.2.3.5' }
  49. 

  50.   describe 'throttle excessive sign-up requests by IP address' do
  51.     context 'through the website' do
  52.       let(:limit)  { 25 }
  53.       let(:period) { 5.minutes }
  54.       let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } }
  55. 

  56.       context 'for exact path' do
  57.         let(:path) { '/auth' }
  58. 

  59.         it_behaves_like 'throttled endpoint'
  60.       end
  61. 

  62.       context 'for path with format' do
  63.         let(:path) { '/auth.html' }
  64. 

  65.         it_behaves_like 'throttled endpoint'
  66.       end
  67.     end
  68. 

  69.     context 'through the API' do
  70.       let(:limit)  { 5 }
  71.       let(:period) { 30.minutes }
  72.       let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } }
  73. 

  74.       context 'for exact path' do
  75.         let(:path) { '/api/v1/accounts' }
  76. 

  77.         it_behaves_like 'throttled endpoint'
  78.       end
  79. 

  80.       context 'for path with format' do
  81.         let(:path)  { '/api/v1/accounts.json' }
  82. 

  83.         it 'returns http not found' do
  84.           request.call
  85.           expect(last_response.status).to eq(404)
  86.         end
  87.       end
  88.     end
  89.   end
  90. 

  91.   describe 'throttle excessive sign-in requests by IP address' do
  92.     let(:limit)  { 25 }
  93.     let(:period) { 5.minutes }
  94.     let(:request) { -> { post path, {}, 'REMOTE_ADDR' => remote_ip } }
  95. 

  96.     context 'for exact path' do
  97.       let(:path) { '/auth/sign_in' }
  98. 

  99.       it_behaves_like 'throttled endpoint'
  100.     end
  101. 

  102.     context 'for path with format' do
  103.       let(:path) { '/auth/sign_in.html' }
  104. 

  105.       it_behaves_like 'throttled endpoint'
  106.     end
  107.   end
  108. end