author | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-02-17 12:52:27 +0100 |
---|---|---|
committer | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-03-06 15:41:25 +0100 |
commit | 8993801f0cefdc64b46b8fe30622cc78eaa03173 (patch) | |
tree | f9a9a38c91e99f03ea87978119a03538d1e91175 /spec/lib/gitlab/auth_spec.rb | |
parent | 66dc71599cb698d380e14be7230ae3495c78d266 (diff) | |
Test various login scenarios if the limit gets enforced
Diffstat (limited to 'spec/lib/gitlab/auth_spec.rb')
-rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index b234de4c772..ee70ef34f4f 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -58,6 +58,30 @@ describe Gitlab::Auth, lib: true do
 expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
 end
+
+ context 'unique ip limit is enabled and set to 1', :redis do
+ before do
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10)
+ allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
+ end
+
+ it 'allows user authenticating from the same ip' do
+ user = create(:user, password: 'password')
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
+ expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
+ expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
+ end
+
+ it 'blocks user authenticating from two distinct ips' do
+ user = create(:user, password: 'password')
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
+ expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip2')
+ expect { gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip2') }.to raise_error(Gitlab::Auth::TooManyIps)
+ end
+ end
+
 context 'while using LFS authenticate' do
 it 'recognizes user lfs tokens' do
 user = create(:user) |
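Review bot: The 'blocks user authenticating from two distinct ips' example switches the stubbed `Gitlab::RequestContext.client_ip` and the `ip:` argument to `'ip2'` together, so it passes whichever of the two the limiter actually reads and the spec never pins which source of the client address is enforced. An example where the two disagree would pin it, for instance leaving the stub at `'ip'` while calling `find_for_git_client(user.username, 'password', project: nil, ip: 'ip2')`, with the expectation written for the intended source. Both new examples also authenticate with the correct password only; the limiter itself is not visible in this hunk, so an example with a wrong password from a second address would document whether failed attempts are counted against the user's address set, which determines whether someone without the password can trigger `TooManyIps` for the account owner. The `unique_ips_limit_time_window` of 10 is stubbed but no example lets it elapse, so expiry of a recorded address is untested here. The enclosing `describe` block, `gl_auth` and `full_authentication_abilities` are defined outside the hunk.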