Use rack_attack_enabled?
We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime.
This commit is contained in:
parent
0f0fecdb25
commit
86d968bb8e
2 changed files with 29 additions and 22 deletions
|
@ -1,19 +1,18 @@
|
|||
if Rails.env.production?
|
||||
class Rack::Attack
|
||||
class Rack::Attack
|
||||
throttle('/users/sign_in/ip', limit: 5, period: 20.seconds) do |req|
|
||||
if req.path == '/users/sign_in' && req.post?
|
||||
if req.path == '/users/sign_in' && req.post? && rack_attack_enabled?
|
||||
req.remote_ip
|
||||
end
|
||||
end
|
||||
|
||||
throttle('stats/ip', limit: 5, period: 20.seconds) do |req|
|
||||
if req.path == '/stats'
|
||||
if req.path == '/stats' && rack_attack_enabled?
|
||||
req.remote_ip
|
||||
end
|
||||
end
|
||||
|
||||
throttle('contact/ip', limit: 5, period: 20.seconds) do |req|
|
||||
if req.path == '/contact' && req.post?
|
||||
if req.path == '/contact' && req.post? && rack_attack_enabled?
|
||||
req.remote_ip
|
||||
end
|
||||
end
|
||||
|
@ -21,5 +20,8 @@ if Rails.env.production?
|
|||
Rack::Attack.safelist('allow from localhost') do |req|
|
||||
IPService.ip_trusted?(req.remote_ip)
|
||||
end
|
||||
|
||||
def self.rack_attack_enabled?
|
||||
ENV['RACK_ATTACK_ENABLE'] == 'true'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,10 +6,15 @@ describe Rack::Attack, type: :request do
|
|||
let(:ip) { "1.2.3.4" }
|
||||
|
||||
before(:each) do
|
||||
ENV['RACK_ATTACK_ENABLE'] = 'true'
|
||||
setup_rack_attack_cache_store
|
||||
avoid_test_overlaps_in_cache
|
||||
end
|
||||
|
||||
after do
|
||||
ENV['RACK_ATTACK_ENABLE'] = 'false'
|
||||
end
|
||||
|
||||
def setup_rack_attack_cache_store
|
||||
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue