Refactor application setting management
This commit is contained in:
parent
4e5a97d4f3
commit
6ba13b41ff
1 changed files with 35 additions and 41 deletions
|
@ -5,18 +5,26 @@ describe 'Rack Attack global throttles' do
|
||||||
|
|
||||||
let(:settings) { Gitlab::CurrentSettings.current_application_settings }
|
let(:settings) { Gitlab::CurrentSettings.current_application_settings }
|
||||||
|
|
||||||
|
# Start with really high limits and override them with low limits to ensure
|
||||||
|
# the right settings are being exercised
|
||||||
|
let(:settings_to_set) do
|
||||||
|
{
|
||||||
|
throttle_unauthenticated_requests_per_period: 100,
|
||||||
|
throttle_unauthenticated_period_in_seconds: 1,
|
||||||
|
throttle_authenticated_api_requests_per_period: 100,
|
||||||
|
throttle_authenticated_api_period_in_seconds: 1,
|
||||||
|
throttle_authenticated_web_requests_per_period: 100,
|
||||||
|
throttle_authenticated_web_period_in_seconds: 1
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
let(:requests_per_period) { 1 }
|
||||||
|
let(:period_in_seconds) { 10000 }
|
||||||
|
let(:period) { period_in_seconds.seconds }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
# Instead of test environment's :null_store
|
# Instead of test environment's :null_store
|
||||||
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
||||||
|
|
||||||
# Start with really high limits to ensure the right settings are being exercised.
|
|
||||||
# Also note, settings will be saved later.
|
|
||||||
settings.throttle_unauthenticated_requests_per_period = 100
|
|
||||||
settings.throttle_unauthenticated_period_in_seconds = 1
|
|
||||||
settings.throttle_authenticated_api_requests_per_period = 100
|
|
||||||
settings.throttle_authenticated_api_period_in_seconds = 1
|
|
||||||
settings.throttle_authenticated_web_requests_per_period = 100
|
|
||||||
settings.throttle_authenticated_web_period_in_seconds = 1
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Make time-dependent tests deterministic
|
# Make time-dependent tests deterministic
|
||||||
|
@ -29,19 +37,16 @@ describe 'Rack Attack global throttles' do
|
||||||
# * get_args
|
# * get_args
|
||||||
# * other_user_get_args
|
# * other_user_get_args
|
||||||
shared_examples_for 'rate-limited token-authenticated requests' do
|
shared_examples_for 'rate-limited token-authenticated requests' do
|
||||||
let(:requests_per_period) { settings.send(:"#{throttle_setting_prefix}_requests_per_period") }
|
|
||||||
let(:period) { settings.send(:"#{throttle_setting_prefix}_period_in_seconds").seconds }
|
|
||||||
|
|
||||||
before do
|
before do
|
||||||
# Set low limits
|
# Set low limits
|
||||||
settings.send(:"#{throttle_setting_prefix}_requests_per_period=", 1)
|
settings_to_set[:"#{throttle_setting_prefix}_requests_per_period"] = requests_per_period
|
||||||
settings.send(:"#{throttle_setting_prefix}_period_in_seconds=", 10000)
|
settings_to_set[:"#{throttle_setting_prefix}_period_in_seconds"] = period_in_seconds
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the throttle is enabled' do
|
context 'when the throttle is enabled' do
|
||||||
before do
|
before do
|
||||||
settings.send(:"#{throttle_setting_prefix}_enabled=", true)
|
settings_to_set[:"#{throttle_setting_prefix}_enabled"] = true
|
||||||
settings.save!
|
stub_application_setting(settings_to_set)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'rejects requests over the rate limit' do
|
it 'rejects requests over the rate limit' do
|
||||||
|
@ -98,8 +103,8 @@ describe 'Rack Attack global throttles' do
|
||||||
|
|
||||||
context 'when the throttle is disabled' do
|
context 'when the throttle is disabled' do
|
||||||
before do
|
before do
|
||||||
settings.send(:"#{throttle_setting_prefix}_enabled=", false)
|
settings_to_set[:"#{throttle_setting_prefix}_enabled"] = false
|
||||||
settings.save!
|
stub_application_setting(settings_to_set)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'allows requests over the rate limit' do
|
it 'allows requests over the rate limit' do
|
||||||
|
@ -112,19 +117,16 @@ describe 'Rack Attack global throttles' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'unauthenticated requests' do
|
describe 'unauthenticated requests' do
|
||||||
let(:requests_per_period) { settings.throttle_unauthenticated_requests_per_period }
|
|
||||||
let(:period) { settings.throttle_unauthenticated_period_in_seconds.seconds }
|
|
||||||
|
|
||||||
before do
|
before do
|
||||||
# Set low limits
|
# Set low limits
|
||||||
settings.throttle_unauthenticated_requests_per_period = 1
|
settings_to_set[:throttle_unauthenticated_requests_per_period] = requests_per_period
|
||||||
settings.throttle_unauthenticated_period_in_seconds = 10000
|
settings_to_set[:throttle_unauthenticated_period_in_seconds] = period_in_seconds
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the throttle is enabled' do
|
context 'when the throttle is enabled' do
|
||||||
before do
|
before do
|
||||||
settings.throttle_unauthenticated_enabled = true
|
settings_to_set[:throttle_unauthenticated_enabled] = true
|
||||||
settings.save!
|
stub_application_setting(settings_to_set)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'rejects requests over the rate limit' do
|
it 'rejects requests over the rate limit' do
|
||||||
|
@ -172,8 +174,8 @@ describe 'Rack Attack global throttles' do
|
||||||
|
|
||||||
context 'when the throttle is disabled' do
|
context 'when the throttle is disabled' do
|
||||||
before do
|
before do
|
||||||
settings.throttle_unauthenticated_enabled = false
|
settings_to_set[:throttle_unauthenticated_enabled] = false
|
||||||
settings.save!
|
stub_application_setting(settings_to_set)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'allows requests over the rate limit' do
|
it 'allows requests over the rate limit' do
|
||||||
|
@ -186,8 +188,6 @@ describe 'Rack Attack global throttles' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'API requests authenticated with private token', :api do
|
describe 'API requests authenticated with private token', :api do
|
||||||
let(:requests_per_period) { settings.throttle_authenticated_api_requests_per_period }
|
|
||||||
let(:period) { settings.throttle_authenticated_api_period_in_seconds.seconds }
|
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
let(:other_user) { create(:user) }
|
let(:other_user) { create(:user) }
|
||||||
let(:throttle_setting_prefix) { 'throttle_authenticated_api' }
|
let(:throttle_setting_prefix) { 'throttle_authenticated_api' }
|
||||||
|
@ -230,8 +230,6 @@ describe 'Rack Attack global throttles' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'API requests authenticated with OAuth token', :api do
|
describe 'API requests authenticated with OAuth token', :api do
|
||||||
let(:requests_per_period) { settings.throttle_authenticated_api_requests_per_period }
|
|
||||||
let(:period) { settings.throttle_authenticated_api_period_in_seconds.seconds }
|
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
let(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user) }
|
let(:application) { Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user) }
|
||||||
let(:token) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: "api") }
|
let(:token) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: "api") }
|
||||||
|
@ -256,8 +254,6 @@ describe 'Rack Attack global throttles' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '"web" (non-API) requests authenticated with RSS token' do
|
describe '"web" (non-API) requests authenticated with RSS token' do
|
||||||
let(:requests_per_period) { settings.throttle_authenticated_web_requests_per_period }
|
|
||||||
let(:period) { settings.throttle_authenticated_web_period_in_seconds.seconds }
|
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
let(:other_user) { create(:user) }
|
let(:other_user) { create(:user) }
|
||||||
let(:throttle_setting_prefix) { 'throttle_authenticated_web' }
|
let(:throttle_setting_prefix) { 'throttle_authenticated_web' }
|
||||||
|
@ -280,22 +276,20 @@ describe 'Rack Attack global throttles' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'web requests authenticated with regular login' do
|
describe 'web requests authenticated with regular login' do
|
||||||
let(:requests_per_period) { settings.throttle_authenticated_web_requests_per_period }
|
|
||||||
let(:period) { settings.throttle_authenticated_web_period_in_seconds.seconds }
|
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
login_as(user)
|
login_as(user)
|
||||||
|
|
||||||
# Set low limits
|
# Set low limits
|
||||||
settings.throttle_authenticated_web_requests_per_period = 1
|
settings_to_set[:throttle_authenticated_web_requests_per_period] = requests_per_period
|
||||||
settings.throttle_authenticated_web_period_in_seconds = 10000
|
settings_to_set[:throttle_authenticated_web_period_in_seconds] = period_in_seconds
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the throttle is enabled' do
|
context 'when the throttle is enabled' do
|
||||||
before do
|
before do
|
||||||
settings.throttle_authenticated_web_enabled = true
|
settings_to_set[:throttle_authenticated_web_enabled] = true
|
||||||
settings.save!
|
stub_application_setting(settings_to_set)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'rejects requests over the rate limit' do
|
it 'rejects requests over the rate limit' do
|
||||||
|
@ -354,8 +348,8 @@ describe 'Rack Attack global throttles' do
|
||||||
|
|
||||||
context 'when the throttle is disabled' do
|
context 'when the throttle is disabled' do
|
||||||
before do
|
before do
|
||||||
settings.throttle_authenticated_web_enabled = false
|
settings_to_set[:throttle_authenticated_web_enabled] = false
|
||||||
settings.save!
|
stub_application_setting(settings_to_set)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'allows requests over the rate limit' do
|
it 'allows requests over the rate limit' do
|
||||||
|
|
Loading…
Reference in a new issue