demarches-normaliennes/spec/middlewares/rack_attack_spec.rb

describe Rack::Attack, type: :request do
  let(:limit) { 5 }
  let(:period) { 20 }
  let(:ip) { "1.2.3.4" }

  before(:each) do
    ENV['RACK_ATTACK_ENABLE'] = 'true'
    setup_rack_attack_cache_store
    avoid_test_overlaps_in_cache
  end

  after do
    ENV['RACK_ATTACK_ENABLE'] = 'false'
  end

  def setup_rack_attack_cache_store
    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
  end

  def avoid_test_overlaps_in_cache
    Rails.cache.clear
  end

  context '/users/sign_in' do
    before do
      limit.times do
        Rack::Attack.cache.count("/users/sign_in/ip:#{ip}", period)
      end
    end

    subject do
      post "/users/sign_in", headers: { 'X-Forwarded-For': ip }
    end

    it "throttle excessive requests by IP address" do
      subject

      expect(response).to have_http_status(:too_many_requests)
    end

    context 'when the ip is whitelisted' do
      before do
        allow(IPService).to receive(:ip_trusted?).and_return(true)
        allow_any_instance_of(Users::SessionsController).to receive(:create).and_return(:ok)
      end

      it "respects the whitelist" do
        subject

        expect(response).not_to have_http_status(:too_many_requests)
      end
    end
  end
end
RackAttack: use remote ip and test it ! 2019-08-01 17:12:59 +02:00			`describe Rack::Attack, type: :request do`
			`let(:limit) { 5 }`
			`let(:period) { 20 }`
			`let(:ip) { "1.2.3.4" }`

			`before(:each) do`
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`ENV['RACK_ATTACK_ENABLE'] = 'true'`
RackAttack: use remote ip and test it ! 2019-08-01 17:12:59 +02:00			`setup_rack_attack_cache_store`
			`avoid_test_overlaps_in_cache`
			`end`

Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`after do`
			`ENV['RACK_ATTACK_ENABLE'] = 'false'`
			`end`

RackAttack: use remote ip and test it ! 2019-08-01 17:12:59 +02:00			`def setup_rack_attack_cache_store`
			`Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new`
			`end`

			`def avoid_test_overlaps_in_cache`
			`Rails.cache.clear`
			`end`

			`context '/users/sign_in' do`
			`before do`
			`limit.times do`
			`Rack::Attack.cache.count("/users/sign_in/ip:#{ip}", period)`
			`end`
			`end`

			`subject do`
			`post "/users/sign_in", headers: { 'X-Forwarded-For': ip }`
			`end`

			`it "throttle excessive requests by IP address" do`
			`subject`

			`expect(response).to have_http_status(:too_many_requests)`
			`end`

			`context 'when the ip is whitelisted' do`
			`before do`
			`allow(IPService).to receive(:ip_trusted?).and_return(true)`
			`allow_any_instance_of(Users::SessionsController).to receive(:create).and_return(:ok)`
			`end`

			`it "respects the whitelist" do`
			`subject`

			`expect(response).not_to have_http_status(:too_many_requests)`
			`end`
			`end`
			`end`
			`end`