Merge branch '65974-rate-limiter-should-return-429' into 'master'
Return `429` instead of `302` on Rate Limiter on the raw endpoint See merge request gitlab-org/gitlab-ce!31777
This commit is contained in:
commit
df35d772c6
3 changed files with 43 additions and 4 deletions
|
@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
|
||||||
limiter.log_request(request, :raw_blob_request_limit, current_user)
|
limiter.log_request(request, :raw_blob_request_limit, current_user)
|
||||||
|
|
||||||
flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
|
flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
|
||||||
redirect_to project_blob_path(@project, File.join(@ref, @path))
|
redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
|
||||||
end
|
end
|
||||||
|
|
||||||
def raw_blob_request_limit
|
def raw_blob_request_limit
|
||||||
|
|
|
@ -60,7 +60,7 @@ describe Projects::RawController do
|
||||||
execute_raw_requests(requests: 6, project: project, file_path: file_path)
|
execute_raw_requests(requests: 6, project: project, file_path: file_path)
|
||||||
|
|
||||||
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
|
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
|
||||||
expect(response).to redirect_to(project_blob_path(project, file_path))
|
expect(response).to have_gitlab_http_status(429)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'logs the event on auth.log' do
|
it 'logs the event on auth.log' do
|
||||||
|
@ -92,7 +92,7 @@ describe Projects::RawController do
|
||||||
execute_raw_requests(requests: 3, project: project, file_path: modified_path)
|
execute_raw_requests(requests: 3, project: project, file_path: modified_path)
|
||||||
|
|
||||||
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
|
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
|
||||||
expect(response).to redirect_to(project_blob_path(project, modified_path))
|
expect(response).to have_gitlab_http_status(429)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -120,7 +120,7 @@ describe Projects::RawController do
|
||||||
execute_raw_requests(requests: 6, project: project, file_path: file_path)
|
execute_raw_requests(requests: 6, project: project, file_path: file_path)
|
||||||
|
|
||||||
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
|
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
|
||||||
expect(response).to redirect_to(project_blob_path(project, file_path))
|
expect(response).to have_gitlab_http_status(429)
|
||||||
|
|
||||||
# Accessing upcase version of readme
|
# Accessing upcase version of readme
|
||||||
file_path = "#{commit_sha}/README.md"
|
file_path = "#{commit_sha}/README.md"
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'Projects > Raw > User interacts with raw endpoint' do
|
||||||
|
include RepoHelpers
|
||||||
|
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
let(:project) { create(:project, :repository, :public) }
|
||||||
|
let(:file_path) { 'master/README.md' }
|
||||||
|
|
||||||
|
before do
|
||||||
|
stub_application_setting(raw_blob_request_limit: 3)
|
||||||
|
project.add_developer(user)
|
||||||
|
create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
|
||||||
|
|
||||||
|
sign_in(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user access a raw file' do
|
||||||
|
it 'renders the page successfully' do
|
||||||
|
visit project_raw_url(project, file_path)
|
||||||
|
|
||||||
|
expect(source).to eq('') # Body is filled in by gitlab-workhorse
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user goes over the rate requests limit' do
|
||||||
|
it 'returns too many requests' do
|
||||||
|
4.times do
|
||||||
|
visit project_raw_url(project, file_path)
|
||||||
|
end
|
||||||
|
|
||||||
|
expect(source).to have_content('You are being redirected')
|
||||||
|
click_link('redirected')
|
||||||
|
expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue