diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-20 13:18:24 +0000 |
commit | 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch) | |
tree | 4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /spec/lib/gitlab/rack_attack_spec.rb | |
parent | 744144d28e3e7fddc117924fef88de5d9674fe4c (diff) | |
download | gitlab-ce-0653e08efd039a5905f3fa4f6e9cef9f5d2f799c.tar.gz |
Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42
Diffstat (limited to 'spec/lib/gitlab/rack_attack_spec.rb')
-rw-r--r-- | spec/lib/gitlab/rack_attack_spec.rb | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/spec/lib/gitlab/rack_attack_spec.rb b/spec/lib/gitlab/rack_attack_spec.rb index 788d2eac61f..8f03905e08d 100644 --- a/spec/lib/gitlab/rack_attack_spec.rb +++ b/spec/lib/gitlab/rack_attack_spec.rb @@ -10,12 +10,19 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do let(:throttles) do { - throttle_unauthenticated: Gitlab::Throttle.unauthenticated_options, - throttle_authenticated_api: Gitlab::Throttle.authenticated_api_options, + throttle_unauthenticated_api: Gitlab::Throttle.options(:api, authenticated: false), + throttle_authenticated_api: Gitlab::Throttle.options(:api, authenticated: true), + throttle_unauthenticated_web: Gitlab::Throttle.unauthenticated_web_options, + throttle_authenticated_web: Gitlab::Throttle.authenticated_web_options, throttle_product_analytics_collector: { limit: 100, period: 60 }, - throttle_unauthenticated_protected_paths: Gitlab::Throttle.unauthenticated_options, - throttle_authenticated_protected_paths_api: Gitlab::Throttle.authenticated_api_options, - throttle_authenticated_protected_paths_web: Gitlab::Throttle.authenticated_web_options + throttle_unauthenticated_protected_paths: Gitlab::Throttle.protected_paths_options, + throttle_authenticated_protected_paths_api: Gitlab::Throttle.protected_paths_options, + throttle_authenticated_protected_paths_web: Gitlab::Throttle.protected_paths_options, + throttle_unauthenticated_packages_api: Gitlab::Throttle.options(:packages_api, authenticated: false), + throttle_authenticated_packages_api: Gitlab::Throttle.options(:packages_api, authenticated: true), + throttle_authenticated_git_lfs: Gitlab::Throttle.throttle_authenticated_git_lfs_options, + throttle_unauthenticated_files_api: Gitlab::Throttle.options(:files_api, authenticated: false), + throttle_authenticated_files_api: Gitlab::Throttle.options(:files_api, authenticated: true) } end @@ -84,6 +91,15 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do end end + it 'enables dry-runs for `throttle_unauthenticated_api` and `throttle_unauthenticated_web` when selecting `throttle_unauthenticated`' do + stub_env('GITLAB_THROTTLE_DRY_RUN', 'throttle_unauthenticated') + + described_class.configure(fake_rack_attack) + + expect(fake_rack_attack).to have_received(:track).with('throttle_unauthenticated_api', throttles[:throttle_unauthenticated_api]) + expect(fake_rack_attack).to have_received(:track).with('throttle_unauthenticated_web', throttles[:throttle_unauthenticated_web]) + end + context 'user allowlist' do subject { described_class.user_allowlist } |