From b6c51f57dd5637aaa4a45b7408a1f8b30ce3e7e3 Mon Sep 17 00:00:00 2001
From: Mayra Cabrera
Date: Tue, 13 Aug 2019 18:13:37 +0000
Subject: [PATCH] Return 429 on rate limiter on raw endpoint
It was originally returning 302 when the rate limit kicks in, because using the the correct status code makes it easier to track rate limiting events
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/65974
---
 app/controllers/projects/raw_controller.rb | 2 +-
 .../projects/raw_controller_spec.rb | 6 +--
 .../user_interacts_with_raw_endpoint_spec.rb | 39 +++++++++++++++++++
 3 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 3254229d9cb..c94fdd9483d 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
 limiter.log_request(request, :raw_blob_request_limit, current_user)
 flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
- redirect_to project_blob_path(@project, File.join(@ref, @path))
+ redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
 end
 def raw_blob_request_limit
diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
index 8ee3168273f..b958f419a19 100644
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -60,7 +60,7 @@ describe Projects::RawController do
 execute_raw_requests(requests: 6, project: project, file_path: file_path)
 expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
- expect(response).to redirect_to(project_blob_path(project, file_path))
+ expect(response).to have_gitlab_http_status(429)
 end
 it 'logs the event on auth.log' do
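Review bot: The throttled branch now answers 429 but still through `redirect_to`, so the response body is Rails' "You are being redirected" stub and the flash set on the line above is only shown if the client follows the Location header, which browsers and most HTTP clients do not do for a non-3xx status (the new feature spec has to click the link by hand). A 429 should also carry `Retry-After` so clients and the rate-limit tracking the commit message cares about know when to retry; the flash text implies a one-minute window, but the real window lives in the limiter, whose check begins outside this hunk, so prefer its value over a literal if it is exposed, e.g. `response.headers['Retry-After'] = '60'` before the `redirect_to`. If the redirect target is kept only for its Location header, consider instead rendering a small error page with `status: :too_many_requests` so the alert is actually visible to the user who hit the limit.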
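Review bot: The replaced assertion in the controller spec no longer checks where the throttled request is sent: `redirect_to(...)` verified the Location target and the new `have_gitlab_http_status(429)` only verifies the status, while `redirect_to` in the controller still emits a Location header that nothing now pins. If the target still matters, add `expect(response.location).to end_with(project_blob_path(project, file_path))` next to the status check; if it does not, that is a hint the controller should stop redirecting at all. For consistency with the controller's `status: :too_many_requests`, `have_gitlab_http_status(:too_many_requests)` reads better than the bare `429`.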
@@ -92,7 +92,7 @@ describe Projects::RawController do
 execute_raw_requests(requests: 3, project: project, file_path: modified_path)
 expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
- expect(response).to redirect_to(project_blob_path(project, modified_path))
+ expect(response).to have_gitlab_http_status(429)
 end
 end
@@ -120,7 +120,7 @@ describe Projects::RawController do
 execute_raw_requests(requests: 6, project: project, file_path: file_path)
 expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
- expect(response).to redirect_to(project_blob_path(project, file_path))
+ expect(response).to have_gitlab_http_status(429)
 # Accessing upcase version of readme
 file_path = "#{commit_sha}/README.md"
diff --git a/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb b/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
new file mode 100644
index 00000000000..6d587053b4f
--- /dev/null
+++ b/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Projects > Raw > User interacts with raw endpoint' do
+ include RepoHelpers
+
+ let(:user) { create(:user) }
+ let(:project) { create(:project, :repository, :public) }
+ let(:file_path) { 'master/README.md' }
+
+ before do
+ stub_application_setting(raw_blob_request_limit: 3)
+ project.add_developer(user)
+ create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
+
+ sign_in(user)
+ end
+
+ context 'when user access a raw file' do
+ it 'renders the page successfully' do
+ visit project_raw_url(project, file_path)
+
+ expect(source).to eq('') # Body is filled in by gitlab-workhorse
+ end
+ end
+
+ context 'when user goes over the rate requests limit' do
+ it 'returns too many requests' do
+ 4.times do
+ visit project_raw_url(project, file_path)
+ end
+
+ expect(source).to have_content('You are being redirected')
+ click_link('redirected')
+ expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
+ end
+ end
+end
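Review bot: The feature spec never asserts the 429 status this commit introduces: the 'returns too many requests' example only checks Rails' redirect stub text and then clicks through to the blob page for the flash. Since the examples carry no `:js` tag they presumably run on the rack_test driver, where `expect(page.status_code).to eq(429)` right after the `4.times` loop would pin the status directly; the same check with `200` would also make 'renders the page successfully' stronger than `eq('')`, which passes for any empty body. The context title 'when user access a raw file' should read 'when user accesses a raw file'.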