# frozen_string_literal: true
#
# Requires a context containing:
# - user
# - params
# - request_full_path
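# Shared examples for a `create` action guarded by the notes-creation rate
# limit. The including context must supply `user`, `params` and
# `request_full_path`, all of which are read below.
RSpec.shared_examples 'request exceeding rate limit' do
  # Lower the limit to 2 and use it up, so the request issued inside each
  # example is the first one over the limit.
  before do
    stub_application_setting(notes_create_limit: 2)
    2.times { post :create, params: params }
  end

  it 'prevents from creating more notes', :request_store do
    # A throttled request must be rejected before anything is persisted.
    expect { post :create, params: params }
      .not_to change { Note.count }

    expect(response).to have_gitlab_http_status(:too_many_requests)
    expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.'))
  end

  it 'logs the event in auth.log' do
    # Fields the throttle event is expected to carry: the limiter key, the
    # request method and path, and the identity of the throttled user.
    # NOTE(review): '0.0.0.0' is presumably the test request's default remote
    # address - confirm against the controller test setup.
    attributes = {
      message: 'Application_Rate_Limiter_Request',
      env: :notes_create_request_limit,
      remote_ip: '0.0.0.0',
      request_method: 'POST',
      path: request_full_path,
      user_id: user.id,
      username: user.username
    }

    # The expectation is installed after the `before` block has run, so it
    # only observes the over-limit request below; `once` requires exactly one
    # matching log call for it.
    expect(Gitlab::AuthLogger).to receive(:error).with(attributes).once
    post :create, params: params
  end

  it 'allows user in allow-list to create notes, even if the case is different' do
    # Store the username titleized and list it downcased, so the allow-list
    # lookup only succeeds if it ignores case.
    user.update_attribute(:username, user.username.titleize)
    stub_application_setting(notes_create_limit_allowlist: [user.username.downcase])

    post :create, params: params
    # NOTE(review): only the redirect status is asserted here; the example
    # does not check that a note was created or that no throttle event was
    # logged for the allow-listed user.
    expect(response).to have_gitlab_http_status(:found)
  end
end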