Merge branch '65974-rate-limiter-should-return-429' into 'master'

Return `429` instead of `302` on Rate Limiter on the raw endpoint

See merge request gitlab-org/gitlab-ce!31777
Stan Hu 2019-08-13 18:13:38 +00:00
commit df35d772c6
3 changed files with 43 additions and 4 deletions


@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
limiter.log_request(request, :raw_blob_request_limit, current_user)
flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
redirect_to project_blob_path(@project, File.join(@ref, @path))
redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
end
def raw_blob_request_limit
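Review bot: The new `redirect_to ..., status: :too_many_requests` sends a 429 that still carries a Location header and the redirect stub body. Clients do not follow Location on a non-3xx status, so a browser user stays on the "You are being redirected" page (the new feature spec has to click the link) while the flash alert sits unconsumed in the session. Rendering the message directly would make the throttled response self-contained: `render plain: _('You cannot access the raw file. Please wait a minute.'), status: :too_many_requests`. A `Retry-After` header matching the limiter's interval would also let well-behaved clients back off; that interval is not visible in this hunk. The enclosing method starts above the hunk.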


@ -60,7 +60,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, file_path))
expect(response).to have_gitlab_http_status(429)
end
it 'logs the event on auth.log' do
@ -92,7 +92,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 3, project: project, file_path: modified_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, modified_path))
expect(response).to have_gitlab_http_status(429)
end
end
@ -120,7 +120,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, file_path))
expect(response).to have_gitlab_http_status(429)
# Accessing upcase version of readme
file_path = "#{commit_sha}/README.md"
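Review bot: The changed expectations in this hunk and in the two hunks above it (at -60 and -92) now assert only the 429 status. Nothing pins where the response's Location header points, even though the controller still passes the blob path to `redirect_to`. If the Location is meant to stay, keep a check next to the status one, e.g. `expect(response.location).to end_with(project_blob_path(project, file_path))`. The last example continues past the end of this hunk, so any later assertions in it are not visible here.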


@ -0,0 +1,39 @@
# frozen_string_literal: true
require 'spec_helper'
describe 'Projects > Raw > User interacts with raw endpoint' do
include RepoHelpers
let(:user) { create(:user) }
let(:project) { create(:project, :repository, :public) }
let(:file_path) { 'master/README.md' }
before do
stub_application_setting(raw_blob_request_limit: 3)
project.add_developer(user)
create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
sign_in(user)
end
context 'when user access a raw file' do
it 'renders the page successfully' do
visit project_raw_url(project, file_path)
expect(source).to eq('') # Body is filled in by gitlab-workhorse
end
end
context 'when user goes over the rate requests limit' do
it 'returns too many requests' do
4.times do
visit project_raw_url(project, file_path)
end
expect(source).to have_content('You are being redirected')
click_link('redirected')
expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
end
end
end
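Review bot: The example 'returns too many requests' never checks the status code. It only matches the 'You are being redirected' body, which is framework-generated wording rather than behaviour of this endpoint. Adding `expect(page.status_code).to eq(429)` after the `4.times` loop would tie the spec to what the commit changes, assuming the default rack_test driver, which exposes the status. The two examples also depend on the limiter's counter starting from zero; presumably the suite resets that store between examples, but nothing in this file shows it.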