Add latest changes from gitlab-org/gitlab@master

134fe182 · GitLab Bot · 6a7cc8c1 · 134fe182 · 134fe182
Commit 134fe182 authored 5 years ago by GitLab Bot
--- a/spec/lib/gitlab/action_rate_limiter_spec.rb
+++ b/spec/lib/gitlab/action_rate_limiter_spec.rb
@@ -2,30 +2,40 @@
  
 require 'spec_helper'
  
-describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
+describe Gitlab::ApplicationRateLimiter, :clean_gitlab_redis_cache do
  let(:redis) { double('redis') }
  let(:user) { create(:user) }
  let(:project) { create(:project) }
+  let(:rate_limits) do
+    {
+      test_action: {
+        threshold: 1,
+        interval: 2.minutes
+      }
+    }
+  end
+  let(:key) { rate_limits.keys[0] }
  
-  subject { described_class.new(action: :test_action, expiry_time: 100) }
+  subject { described_class }
  
  before do
    allow(Gitlab::Redis::Cache).to receive(:with).and_yield(redis)
+    allow(described_class).to receive(:rate_limits).and_return(rate_limits)
  end
  
  shared_examples 'action rate limiter' do
    it 'increases the throttle count and sets the expiration time' do
      expect(redis).to receive(:incr).with(cache_key).and_return(1)
-      expect(redis).to receive(:expire).with(cache_key, 100)
+      expect(redis).to receive(:expire).with(cache_key, 120)
  
-      expect(subject.throttled?(key, 1)).to be_falsy
+      expect(subject.throttled?(key, scope: scope)).to be_falsy
    end
  
    it 'returns true if the key is throttled' do
      expect(redis).to receive(:incr).with(cache_key).and_return(2)
      expect(redis).not_to receive(:expire)
  
-      expect(subject.throttled?(key, 1)).to be_truthy
+      expect(subject.throttled?(key, scope: scope)).to be_truthy
    end
  
    context 'when throttling is disabled' do
@@ -33,16 +43,16 @@ describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
        expect(redis).not_to receive(:incr)
        expect(redis).not_to receive(:expire)
  
-        expect(subject.throttled?(key, 0)).to be_falsy
+        expect(subject.throttled?(key, scope: scope, threshold: 0)).to be_falsy
      end
    end
  end
  
  context 'when the key is an array of only ActiveRecord models' do
-    let(:key) { [user, project] }
+    let(:scope) { [user, project] }
  
    let(:cache_key) do
-      "action_rate_limiter:test_action:user:#{user.id}:project:#{project.id}"
+      "application_rate_limiter:test_action:user:#{user.id}:project:#{project.id}"
    end
  
    it_behaves_like 'action rate limiter'
@@ -52,10 +62,10 @@ describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
    let(:project) { create(:project, :public, :repository) }
    let(:commit) { project.repository.commit }
    let(:path) { 'app/controllers/groups_controller.rb' }
-    let(:key) { [project, commit, path] }
+    let(:scope) { [project, commit, path] }
  
    let(:cache_key) do
-      "action_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}:#{path}"
+      "application_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}:#{path}"
    end
  
    it_behaves_like 'action rate limiter'
@@ -72,7 +82,7 @@ describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
  
    let(:base_attributes) do
      {
-        message: 'Action_Rate_Limiter_Request',
+        message: 'Application_Rate_Limiter_Request',
        env: type,
        remote_ip: '127.0.0.1',
        request_method: 'GET',

--- a/spec/requests/api/project_export_spec.rb
+++ b/spec/requests/api/project_export_spec.rb
@@ -2,7 +2,7 @@
  
 require 'spec_helper'
  
-describe API::ProjectExport do
+describe API::ProjectExport, :clean_gitlab_redis_cache do
  set(:project) { create(:project) }
  set(:project_none) { create(:project) }
  set(:project_started) { create(:project) }
@@ -47,6 +47,19 @@ describe API::ProjectExport do
    it_behaves_like '404 response'
  end
  
+  shared_examples_for 'when rate limit is exceeded' do
+    before do
+      allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(true)
+    end
+
+    it 'prevents requesting project export' do
+      request
+
+      expect(response).to have_gitlab_http_status(429)
+      expect(json_response['message']['error']).to eq('This endpoint has been requested too many times. Try again later.')
+    end
+  end
+
  describe 'GET /projects/:project_id/export' do
    shared_examples_for 'get project export status not found' do
      it_behaves_like '404 response' do
@@ -219,6 +232,12 @@ describe API::ProjectExport do
        let(:user) { admin }
  
        it_behaves_like 'get project download by strategy'
+
+        context 'when rate limit is exceeded' do
+          let(:request) { get api(download_path, admin) }
+
+          include_examples 'when rate limit is exceeded'
+        end
      end
  
      context 'when user is a maintainer' do
@@ -329,6 +348,12 @@ describe API::ProjectExport do
        let(:user) { admin }
  
        it_behaves_like 'post project export start'
+
+        context 'when rate limit is exceeded' do
+          let(:request) { post api(path, admin) }
+
+          include_examples 'when rate limit is exceeded'
+        end
      end
  
      context 'when user is a maintainer' do