diff options
author | Stan Hu <stanhu@gmail.com> | 2019-06-27 15:44:46 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-06-27 23:16:11 -0700 |
commit | 82c31a9addfe87e91b512abb982d2223fa4ed730 (patch) | |
tree | 56e0570df7f3999d633372bd6d285297d3732169 /spec/lib/gitlab/auth/ip_rate_limiter_spec.rb | |
parent | ae68c7ea142b12fe179a4027b17d31ac6fb2649c (diff) | |
download | gitlab-ce-82c31a9addfe87e91b512abb982d2223fa4ed730.tar.gz |
Support CIDR notation in IP rate limitersh-support-subnets-ip-rate-limiter
This will make it possible to whitelist multiple IP addresses
(e.g. 192.168.0.1/24).
Diffstat (limited to 'spec/lib/gitlab/auth/ip_rate_limiter_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth/ip_rate_limiter_spec.rb | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb b/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb new file mode 100644 index 00000000000..8d6bf45ab30 --- /dev/null +++ b/spec/lib/gitlab/auth/ip_rate_limiter_spec.rb @@ -0,0 +1,65 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Gitlab::Auth::IpRateLimiter, :use_clean_rails_memory_store_caching do + let(:ip) { '10.2.2.3' } + let(:whitelist) { ['127.0.0.1'] } + let(:options) do + { + enabled: true, + ip_whitelist: whitelist, + bantime: 1.minute, + findtime: 1.minute, + maxretry: 2 + } + end + + subject { described_class.new(ip) } + + before do + stub_rack_attack_setting(options) + end + + after do + subject.reset! + end + + describe '#register_fail!' do + it 'bans after 3 consecutive failures' do + expect(subject.banned?).to be_falsey + + 3.times { subject.register_fail! } + + expect(subject.banned?).to be_truthy + end + + shared_examples 'whitelisted IPs' do + it 'does not ban after max retry limit' do + expect(subject.banned?).to be_falsey + + 3.times { subject.register_fail! } + + expect(subject.banned?).to be_falsey + end + end + + context 'with a whitelisted netmask' do + before do + options[:ip_whitelist] = ['127.0.0.1', '10.2.2.0/24', 'bad'] + stub_rack_attack_setting(options) + end + + it_behaves_like 'whitelisted IPs' + end + + context 'with a whitelisted IP' do + before do + options[:ip_whitelist] = ['10.2.2.3'] + stub_rack_attack_setting(options) + end + + it_behaves_like 'whitelisted IPs' + end + end +end |