2017-02-17 07:24:32 -05:00
|
|
|
shared_context 'limit login to only one ip' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
Gitlab::Redis.with(&:flushall)
|
|
|
|
|
end
|
|
|
|
|
|
2017-02-17 06:52:27 -05:00
|
|
|
before do
|
|
|
|
|
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
|
2017-02-17 07:24:32 -05:00
|
|
|
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10000)
|
2017-02-17 06:52:27 -05:00
|
|
|
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def change_ip(ip)
|
|
|
|
|
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(ip)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples 'user login operation with unique ip limit' do
|
|
|
|
|
include_context 'limit login to only one ip' do
|
|
|
|
|
it 'allows user authenticating from the same ip' do
|
2017-02-17 07:24:32 -05:00
|
|
|
change_ip('ip')
|
2017-02-17 06:52:27 -05:00
|
|
|
expect { operation }.not_to raise_error
|
|
|
|
|
expect { operation }.not_to raise_error
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'blocks user authenticating from two distinct ips' do
|
2017-02-17 07:24:32 -05:00
|
|
|
change_ip('ip')
|
2017-02-17 06:52:27 -05:00
|
|
|
expect { operation }.not_to raise_error
|
|
|
|
|
|
|
|
|
|
change_ip('ip2')
|
|
|
|
|
expect { operation }.to raise_error(Gitlab::Auth::TooManyIps)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
