From 980633e1a91780e2ac332542d29427ba9699f821 Mon Sep 17 00:00:00 2001 From: Gonzalo Rodriguez Date: Thu, 25 Jan 2018 15:58:18 -0300 Subject: [PATCH] Adds acceptance-oriented tests --- Rakefile | 6 ++++- rack-attack.gemspec | 1 + spec/acceptance/blocking_spec.rb | 21 ++++++++++++++++ spec/acceptance/safelisting_spec.rb | 37 +++++++++++++++++++++++++++++ spec/acceptance/throttling_spec.rb | 30 +++++++++++++++++++++++ 5 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 spec/acceptance/blocking_spec.rb create mode 100644 spec/acceptance/safelisting_spec.rb create mode 100644 spec/acceptance/throttling_spec.rb diff --git a/Rakefile b/Rakefile index 300ec21..475bece 100644 --- a/Rakefile +++ b/Rakefile @@ -11,9 +11,13 @@ namespace :test do Rake::TestTask.new(:integration) do |t| t.pattern = "spec/integration/*_spec.rb" end + + Rake::TestTask.new(:acceptance) do |t| + t.pattern = "spec/acceptance/*_spec.rb" + end end desc 'Run tests' -task :test => %w[test:units test:integration] +task :test => %w[test:units test:integration test:acceptance] task :default => :test diff --git a/rack-attack.gemspec b/rack-attack.gemspec index 1fcdd42..95a833a 100644 --- a/rack-attack.gemspec +++ b/rack-attack.gemspec @@ -33,4 +33,5 @@ Gem::Specification.new do |s| s.add_development_dependency 'dalli' s.add_development_dependency 'connection_pool' s.add_development_dependency 'memcache-client' + s.add_development_dependency "timecop" end diff --git a/spec/acceptance/blocking_spec.rb b/spec/acceptance/blocking_spec.rb new file mode 100644 index 0000000..2e9a562 --- /dev/null +++ b/spec/acceptance/blocking_spec.rb @@ -0,0 +1,21 @@ +require_relative "../spec_helper" + +describe "#blocklist" do + before do + Rack::Attack.blocklist("block 1.2.3.4") do |request| + request.ip == "1.2.3.4" + end + end + + it "forbids request if blocklist condition is true" do + get "/", {}, "REMOTE_ADDR" => "1.2.3.4" + + assert_equal 403, last_response.status + end + + it "succeeds if blocklist condition is false" do + get "/", {}, "REMOTE_ADDR" => "5.6.7.8" + + assert_equal 200, last_response.status + end +end diff --git a/spec/acceptance/safelisting_spec.rb b/spec/acceptance/safelisting_spec.rb new file mode 100644 index 0000000..743d97e --- /dev/null +++ b/spec/acceptance/safelisting_spec.rb @@ -0,0 +1,37 @@ +require_relative "../spec_helper" + +describe "#safelist" do + before do + Rack::Attack.blocklist("block 1.2.3.4") do |request| + request.ip == "1.2.3.4" + end + + Rack::Attack.safelist("safe path") do |request| + request.path == "/safe_space" + end + end + + it "forbids request if blocklist condition is true and safelist is false" do + get "/", {}, "REMOTE_ADDR" => "1.2.3.4" + + assert_equal 403, last_response.status + end + + it "succeeds if blocklist condition is false and safelist is false" do + get "/", {}, "REMOTE_ADDR" => "5.6.7.8" + + assert_equal 200, last_response.status + end + + it "succeeds request if blocklist condition is false and safelist is true" do + get "/safe_space", {}, "REMOTE_ADDR" => "5.6.7.8" + + assert_equal 200, last_response.status + end + + it "succeeds request if both blocklist and safelist conditions are true" do + get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4" + + assert_equal 200, last_response.status + end +end diff --git a/spec/acceptance/throttling_spec.rb b/spec/acceptance/throttling_spec.rb new file mode 100644 index 0000000..e157f50 --- /dev/null +++ b/spec/acceptance/throttling_spec.rb @@ -0,0 +1,30 @@ +require_relative "../spec_helper" +require "timecop" + +describe "#throttle" do + it "allows one request per minute by IP" do + Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new + + Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request| + request.ip + end + + get "/", {}, "REMOTE_ADDR" => "1.2.3.4" + + assert_equal 200, last_response.status + + get "/", {}, "REMOTE_ADDR" => "1.2.3.4" + + assert_equal 429, last_response.status + + get "/", {}, "REMOTE_ADDR" => "5.6.7.8" + + assert_equal 200, last_response.status + + Timecop.travel(60) do + get "/", {}, "REMOTE_ADDR" => "1.2.3.4" + + assert_equal 200, last_response.status + end + end +end