1 files changed, 34 insertions, 5 deletions

diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index acfe476a864..e100684018a 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -376,10 +376,17 @@ RSpec.describe API::Internal::Base do
     shared_examples 'rate limited request' do
       let(:action) { 'git-upload-pack' }
       let(:actor) { key }
+      let(:rate_limiter) { double(:rate_limiter, ip: "127.0.0.1", trusted_ip?: false) }
+
+      before do
+        allow(::Gitlab::Auth::IpRateLimiter).to receive(:new).with("127.0.0.1").and_return(rate_limiter)
+      end
 
       it 'is throttled by rate limiter' do
         allow(::Gitlab::ApplicationRateLimiter).to receive(:threshold).and_return(1)
+
         expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:gitlab_shell_operation, scope: [action, project.full_path, actor]).twice.and_call_original
+        expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:gitlab_shell_operation, scope: [action, project.full_path, "127.0.0.1"]).and_call_original
 
         request
 
@@ -402,6 +409,28 @@ RSpec.describe API::Internal::Base do
           subject
         end
       end
+
+      context 'when rate_limit_gitlab_shell_by_ip feature flag is disabled' do
+        before do
+          stub_feature_flags(rate_limit_gitlab_shell_by_ip: false)
+        end
+
+        it 'is not throttled by rate limiter' do
+          expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?)
+
+          subject
+        end
+      end
+
+      context 'when the IP is in a trusted range' do
+        let(:rate_limiter) { double(:rate_limiter, ip: "127.0.0.1", trusted_ip?: true) }
+
+        it 'is not throttled by rate limiter' do
+          expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?)
+
+          subject
+        end
+      end
     end
 
     context "access granted" do
@@ -1451,7 +1480,7 @@ RSpec.describe API::Internal::Base do
 
   describe 'POST /internal/two_factor_otp_check' do
     let(:key_id) { key.id }
-    let(:otp) { '123456'}
+    let(:otp) { '123456' }
 
     subject do
       post api('/internal/two_factor_otp_check'),
@@ -1472,7 +1501,7 @@ RSpec.describe API::Internal::Base do
 
   describe 'POST /internal/two_factor_manual_otp_check' do
     let(:key_id) { key.id }
-    let(:otp) { '123456'}
+    let(:otp) { '123456' }
 
     subject do
       post api('/internal/two_factor_manual_otp_check'),
@@ -1493,7 +1522,7 @@ RSpec.describe API::Internal::Base do
 
   describe 'POST /internal/two_factor_push_otp_check' do
     let(:key_id) { key.id }
-    let(:otp) { '123456'}
+    let(:otp) { '123456' }
 
     subject do
       post api('/internal/two_factor_push_otp_check'),
@@ -1514,7 +1543,7 @@ RSpec.describe API::Internal::Base do
 
   describe 'POST /internal/two_factor_manual_otp_check' do
     let(:key_id) { key.id }
-    let(:otp) { '123456'}
+    let(:otp) { '123456' }
 
     subject do
       post api('/internal/two_factor_manual_otp_check'),
@@ -1534,7 +1563,7 @@ RSpec.describe API::Internal::Base do
 
   describe 'POST /internal/two_factor_push_otp_check' do
     let(:key_id) { key.id }
-    let(:otp) { '123456'}
+    let(:otp) { '123456' }
 
     subject do
       post api('/internal/two_factor_push_otp_check'),