diff options
author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-01-24 12:25:10 +0000 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-07-25 09:43:44 +0100 |
commit | 0fd901bdddd097f710eb3d2ab554d6b5fc6c7ab0 (patch) | |
tree | c7c0c86747759776c63ed1dea84f849bdedeeb1a | |
parent | 4063141223f9b89248e3c33df5711201f75d3718 (diff) | |
download | gitlab-ce-0fd901bdddd097f710eb3d2ab554d6b5fc6c7ab0.tar.gz |
Disables Rack Attack by default
-rw-r--r-- | config/initializers/1_settings.rb | 2 | ||||
-rw-r--r-- | spec/requests/git_http_spec.rb | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 3230d9c0a5b..9ad55e21d11 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -418,7 +418,7 @@ Settings['extra'] ||= Settingslogic.new({}) # Settings['rack_attack'] ||= Settingslogic.new({}) Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({}) -Settings.rack_attack.git_basic_auth['enabled'] = true if Settings.rack_attack.git_basic_auth['enabled'].nil? +Settings.rack_attack.git_basic_auth['enabled'] = false if Settings.rack_attack.git_basic_auth['enabled'].nil? Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1} Settings.rack_attack.git_basic_auth['maxretry'] ||= 10 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb index 0f3e7157e14..c71eae9164a 100644 --- a/spec/requests/git_http_spec.rb +++ b/spec/requests/git_http_spec.rb @@ -381,6 +381,10 @@ describe 'Git HTTP requests' do context "when authentication fails" do context "when the user is IP banned" do + before do + Gitlab.config.rack_attack.git_basic_auth['enabled'] = true + end + it "responds with status 401" do expect(Rack::Attack::Allow2Ban).to receive(:filter).and_return(true) allow_any_instance_of(Rack::Request).to receive(:ip).and_return('1.2.3.4') @@ -420,6 +424,10 @@ describe 'Git HTTP requests' do end context "when the user isn't blocked" do + before do + Gitlab.config.rack_attack.git_basic_auth['enabled'] = true + end + it "resets the IP in Rack Attack on download" do expect(Rack::Attack::Allow2Ban).to receive(:reset).twice |