authorGitLab Bot <gitlab-bot@gitlab.com>2019-10-27 09:05:56 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-10-27 09:05:56 +0000
commitcc5d0271c249636bae1de55de9c2bf815d669afa (patch)
tree01b5b05c2376fca5a854459460a317c5fef96889 /spec/requests/git_http_spec.rb
parent529bc7e23ba25fb310c73a3d47759bfdd8b97a0a (diff)
downloadgitlab-ce-cc5d0271c249636bae1de55de9c2bf815d669afa.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests/git_http_spec.rb')
-rw-r--r--spec/requests/git_http_spec.rb26
1 files changed, 14 insertions, 12 deletions
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index 1cabfb55803..67c8056becb 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -450,16 +450,22 @@ describe 'Git HTTP requests' do
context "when authentication fails" do
context "when the user is IP banned" do
before do
- Gitlab.config.rack_attack.git_basic_auth['enabled'] = true
+ stub_rack_attack_setting(enabled: true)
end
- it "responds with status 401" do
+ it "responds with status 403" do
expect(Rack::Attack::Allow2Ban).to receive(:filter).and_return(true)
- allow_any_instance_of(ActionDispatch::Request).to receive(:ip).and_return('1.2.3.4')
+ expect(Gitlab::AuthLogger).to receive(:error).with({
+ message: 'Rack_Attack',
+ env: :blocklist,
+ remote_ip: '127.0.0.1',
+ request_method: 'GET',
+ path: "/#{path}/info/refs?service=git-upload-pack"
+ })
clone_get(path, env)
- expect(response).to have_gitlab_http_status(:unauthorized)
+ expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
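Review bot: The ban decision is still stubbed in this example (`Rack::Attack::Allow2Ban` `filter` is forced to return true), so the new 403 and `Gitlab::AuthLogger` expectations cover only the response and logging path, and with the `ActionDispatch::Request#ip` stub removed the banned address is now loopback `127.0.0.1`. The `before` block calls `stub_rack_attack_setting(enabled: true)` without the `ip_whitelist: []` that the later "when the user isn't blocked" hunk passes. If the default allowlist includes loopback (not visible on this page), the example describes a ban the real settings would never produce. I would pin it with `stub_rack_attack_setting(enabled: true, ip_whitelist: [])`. I would also add a comment above the logger expectation, for example `# exact match on purpose: the blocklist log entry carries only IP, method and path`, so nobody later loosens it to a partial match that would let extra request fields into the auth log unnoticed.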
@@ -493,7 +499,7 @@ describe 'Git HTTP requests' do
context "when the user isn't blocked" do
before do
- Gitlab.config.rack_attack.git_basic_auth['enabled'] = true
+ stub_rack_attack_setting(enabled: true, bantime: 1.minute, findtime: 5.minutes, maxretry: 2, ip_whitelist: [])
end
it "resets the IP in Rack Attack on download" do
@@ -652,9 +658,11 @@ describe 'Git HTTP requests' do
response.status
end
+ include_context 'rack attack cache store'
+
it "repeated attempts followed by successful attempt" do
options = Gitlab.config.rack_attack.git_basic_auth
- maxretry = options[:maxretry] - 1
+ maxretry = options[:maxretry]
ip = '1.2.3.4'
allow_any_instance_of(ActionDispatch::Request).to receive(:ip).and_return(ip)
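Review bot: `maxretry = options[:maxretry]` raises the value from one below the configured threshold to the threshold itself, and nothing in the example says why it must still end with `banned?(ip)` falsey. The code that consumes `maxretry` lies between this hunk and the next, so the boundary cannot be confirmed from here. A comment on that line such as `# boundary case: exactly maxretry failed logins, then one success, must not leave the IP banned` would make the intended off-by-one explicit; adjust it if the limiter bans on the maxretry-th failure. `options` is also read from `Gitlab.config.rack_attack.git_basic_auth` instead of being pinned the way the "when the user isn't blocked" context now does with `stub_rack_attack_setting(enabled: true, bantime: 1.minute, findtime: 5.minutes, maxretry: 2, ip_whitelist: [])`. The threshold this lockout test exercises therefore depends on ambient configuration.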
@@ -666,12 +674,6 @@ describe 'Git HTTP requests' do
expect(attempt_login(true)).to eq(200)
expect(Rack::Attack::Allow2Ban.banned?(ip)).to be_falsey
-
- maxretry.times.each do
- expect(attempt_login(false)).to eq(401)
- end
-
- Rack::Attack::Allow2Ban.reset(ip, options)
end
end