Merge branch '65974-rate-limiter-should-return-429' into 'master'

Return `429` instead of `302` on Rate Limiter on the raw endpoint See merge request gitlab-org/gitlab-ce!31777
2019-08-13 18:13:38 +00:00 · 2019-08-13 18:13:38 +00:00 · df35d772c6
parent bd759eebcd b6c51f57dd
commit df35d772c6
3 changed files with 43 additions and 4 deletions
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
    limiter.log_request(request, :raw_blob_request_limit, current_user)

    flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
-    redirect_to project_blob_path(@project, File.join(@ref, @path))
+    redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
  end

  def raw_blob_request_limit
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@ -60,7 +60,7 @@ describe Projects::RawController do
        execute_raw_requests(requests: 6, project: project, file_path: file_path)

        expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
-        expect(response).to redirect_to(project_blob_path(project, file_path))
+        expect(response).to have_gitlab_http_status(429)
      end

      it 'logs the event on auth.log' do
@ -92,7 +92,7 @@ describe Projects::RawController do
          execute_raw_requests(requests: 3, project: project, file_path: modified_path)

          expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
-          expect(response).to redirect_to(project_blob_path(project, modified_path))
+          expect(response).to have_gitlab_http_status(429)
        end
      end

@ -120,7 +120,7 @@ describe Projects::RawController do
          execute_raw_requests(requests: 6, project: project, file_path: file_path)

          expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
-          expect(response).to redirect_to(project_blob_path(project, file_path))
+          expect(response).to have_gitlab_http_status(429)

          # Accessing upcase version of readme
          file_path = "#{commit_sha}/README.md"
--- a/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
+++ b/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Projects > Raw > User interacts with raw endpoint' do
+  include RepoHelpers
+
+  let(:user) { create(:user) }
+  let(:project) { create(:project, :repository, :public) }
+  let(:file_path) { 'master/README.md' }
+
+  before do
+    stub_application_setting(raw_blob_request_limit: 3)
+    project.add_developer(user)
+    create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
+
+    sign_in(user)
+  end
+
+  context 'when user access a raw file' do
+    it 'renders the page successfully' do
+      visit project_raw_url(project, file_path)
+
+      expect(source).to eq('') # Body is filled in by gitlab-workhorse
+    end
+  end
+
+  context 'when user goes over the rate requests limit' do
+    it 'returns too many requests' do
+      4.times do
+        visit project_raw_url(project, file_path)
+      end
+
+      expect(source).to have_content('You are being redirected')
+      click_link('redirected')
+      expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
+    end
+  end
+end