authorStan Hu <stanhu@gmail.com>2019-08-13 18:13:38 +0000
committerStan Hu <stanhu@gmail.com>2019-08-13 18:13:38 +0000
commitdf35d772c655587eecbe7b3e387c8b8bc287b23c (patch)
tree3e946b5af691ad3f3804d3e5a5fdf5f524da0cb0
parentbd759eebcd3d824bc95b08d91dcaf705b05769bb (diff)
parentb6c51f57dd5637aaa4a45b7408a1f8b30ce3e7e3 (diff)
downloadgitlab-ce-df35d772c655587eecbe7b3e387c8b8bc287b23c.tar.gz
Merge branch '65974-rate-limiter-should-return-429' into 'master'
Return `429` instead of `302` on Rate Limiter on the raw endpoint See merge request gitlab-org/gitlab-ce!31777
-rw-r--r--app/controllers/projects/raw_controller.rb2
-rw-r--r--spec/controllers/projects/raw_controller_spec.rb6
-rw-r--r--spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb39
3 files changed, 43 insertions, 4 deletions
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 3254229d9cb..c94fdd9483d 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
limiter.log_request(request, :raw_blob_request_limit, current_user)
flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
- redirect_to project_blob_path(@project, File.join(@ref, @path))
+ redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
end
def raw_blob_request_limit
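Review bot: The changed `redirect_to ..., status: :too_many_requests` line produces a 429 that still carries a `Location` header and the stock redirect body, and clients do not follow `Location` on a non-3xx status. The feature spec in this commit confirms that a user only reaches the flash message by clicking the link in that body. A short comment above the line would record that this is deliberate, for example `# 429 is not auto-followed; the body links to the blob page, where the flash alert is rendered`. It would also help throttled scripts and proxies to get a `Retry-After` header here; the flash text suggests a one-minute window, but the real interval is not visible in this hunk, so take the value from the limiter rather than hard-coding it. The enclosing method begins above the hunk.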
diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
index 8ee3168273f..b958f419a19 100644
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -60,7 +60,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
- expect(response).to redirect_to(project_blob_path(project, file_path))
+ expect(response).to have_gitlab_http_status(429)
end
it 'logs the event on auth.log' do
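Review bot: Replacing `redirect_to(...)` with `have_gitlab_http_status(429)` drops the only controller-level check on where the throttled response points, although the controller still sets `Location` through `redirect_to`. The same swap is made in the hunks at -92 and -120. A wrong or missing target would then be caught only by the slower feature spec, so keep a target assertion next to the status check, for example `expect(response.location).to end_with(project_blob_path(project, file_path))`, using `modified_path` in the second hunk. The exact form of `response.location` in this suite is assumed here and should be confirmed.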
@@ -92,7 +92,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 3, project: project, file_path: modified_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
- expect(response).to redirect_to(project_blob_path(project, modified_path))
+ expect(response).to have_gitlab_http_status(429)
end
end
@@ -120,7 +120,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
- expect(response).to redirect_to(project_blob_path(project, file_path))
+ expect(response).to have_gitlab_http_status(429)
# Accessing upcase version of readme
file_path = "#{commit_sha}/README.md"
diff --git a/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb b/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
new file mode 100644
index 00000000000..6d587053b4f
--- /dev/null
+++ b/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Projects > Raw > User interacts with raw endpoint' do
+ include RepoHelpers
+
+ let(:user) { create(:user) }
+ let(:project) { create(:project, :repository, :public) }
+ let(:file_path) { 'master/README.md' }
+
+ before do
+ stub_application_setting(raw_blob_request_limit: 3)
+ project.add_developer(user)
+ create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
+
+ sign_in(user)
+ end
+
+ context 'when user access a raw file' do
+ it 'renders the page successfully' do
+ visit project_raw_url(project, file_path)
+
+ expect(source).to eq('') # Body is filled in by gitlab-workhorse
+ end
+ end
+
+ context 'when user goes over the rate requests limit' do
+ it 'returns too many requests' do
+ 4.times do
+ visit project_raw_url(project, file_path)
+ end
+
+ expect(source).to have_content('You are being redirected')
+ click_link('redirected')
+ expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
+ end
+ end
+end
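Review bot: The example named 'returns too many requests' never asserts the status code; it checks only the "You are being redirected" body and the flash after `click_link`. It would still pass if the endpoint went back to answering with a non-429 status that renders the same body. If the driver used here exposes it, add `expect(page.status_code).to eq(429)` before `click_link('redirected')`. The `4.times` loop also depends silently on `raw_blob_request_limit: 3` in the `before` block; a shared `let(:limit)` with `(limit + 1).times`, or a one-line comment, would keep the two from drifting apart.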