Gonzalo Rodriguez
ba91e23419
Acceptance test ability to extend the request object
2018-03-22 10:44:32 -03:00
Gonzalo Rodriguez
0ff1b5be83
Make throttling_spec work when running it with rails 4.2
2018-03-21 17:29:44 -03:00
Gonzalo Rodriguez
08b2cc4d95
Acceptance test throttling with a dynamic period
2018-03-21 17:10:27 -03:00
Gonzalo Rodriguez
e17d2d8974
Acceptance test throttling with a dynamic limit
2018-03-20 19:07:31 -03:00
Gonzalo Rodriguez
8b4f27827d
Merge pull request #307 from grzuy/acceptance_test_store_config
...
Acceptance test cache store config when Rails is present
2018-03-20 18:15:25 -03:00
Gonzalo Rodriguez
330d25c832
Acceptance test cache store config when Rails is present
2018-03-20 11:42:27 -03:00
Gonzalo Rodriguez
5e0cd031b6
Acceptance test throttle Retry-After header
2018-03-20 10:24:25 -03:00
Gonzalo Rodriguez
bde30e38d7
Acceptance test cache store config for allow2ban
2018-03-16 18:20:27 -03:00
Gonzalo Rodriguez
32ec6f778a
Acceptance test cache store config for fail2ban
2018-03-16 18:11:45 -03:00
Gonzalo Rodriguez
9e16049d00
Merge branch 'acceptance_test_fail2ban'
2018-03-16 16:44:03 -03:00
Gonzalo Rodriguez
4d5a6936ce
Acceptance test allow2ban
2018-03-16 16:14:52 -03:00
Gonzalo Rodriguez
14c8b9261c
Acceptance test fail2ban
2018-03-16 15:29:01 -03:00
Gonzalo Rodriguez
666dc3d894
Acceptance test ability to customize blocked/throttled responses (#298)
...
* Acceptance test ability to customize blocked/throttled responses
* Don't let customizations to blocklisted/throttled responses leak to other test cases
2018-03-15 15:24:22 -03:00
Gonzalo Rodriguez
02908ce5ca
Acceptance test cache store config for throttle without Rails
2018-03-14 17:40:30 -03:00
Gonzalo Rodriguez
564cbedb36
Acceptance test that tracking throttles doesn't actually throttle requests
2018-03-13 18:27:19 -03:00
Gonzalo Rodriguez
066434973f
Acceptance test Rack::Attack#track for throttle
2018-03-13 14:43:37 -03:00
Gonzalo Rodriguez
569ecec7c7
Acceptance test Rack::Attack#track
2018-03-13 14:19:22 -03:00
Gonzalo Rodriguez
2406435663
Ability to use byebug easily while developing/testing
2018-03-09 13:52:06 -03:00
Gonzalo Rodriguez
922917d5a4
Merge pull request #274 from grzuy/help_debug_cache_issues
...
Help users understand more clearly when the store is misconfigured
2018-03-09 10:28:08 -03:00
Gonzalo Rodriguez
53b0561e7f
Merge pull request #272 from grzuy/rack_lint
...
Use Rack::Lint in tests to check any change continues to comply with the rack spec
2018-03-09 10:11:05 -03:00
Gonzalo Rodriguez
8603a3e056
Merge pull request #266 from grzuy/test_understandability
...
Attempt to make it easier to understand that the method is making assertions
2018-03-09 10:10:48 -03:00
Gonzalo Rodriguez
66909c6419
Merge pull request #269 from grzuy/acceptance_tests
...
Adds acceptance-oriented tests
2018-03-08 18:17:35 -03:00
Gonzalo Rodriguez
7bb7a05987
Help users understand more clearly when the store is misconfigured
2018-02-01 10:06:39 -03:00
Gonzalo Rodriguez
f27432df91
Use Rack::Lint in tests to check any change continues complying with the rack spec
2018-01-30 10:08:20 -03:00
Gonzalo Rodriguez
980633e1a9
Adds acceptance-oriented tests
2018-01-25 18:21:29 -03:00
Gonzalo Rodriguez
73e267782b
Remove request duplication in rack_attack_spec.rb
2018-01-25 10:54:19 -03:00
Gonzalo Rodriguez
ca739946ce
Attempt to make it easier to understand that the method is making assertions
2018-01-25 10:53:47 -03:00
Corey Farwell
6f545e2665
Merge pull request #262 from grzuy/legibility
...
Attempt to improve legibility
2018-01-23 17:46:03 -05:00
Corey Farwell
f91f3a403c
Merge pull request #264 from grzuy/drop_support_for_rails_3
...
Drop support for unmaintained Rails 3
2018-01-23 17:45:29 -05:00
Gonzalo Rodriguez
34ee066eac
Drop support for Rails 3
2018-01-23 16:12:16 -03:00
Gonzalo Rodriguez
e8102910bf
Fixes warning 'DEPRECATED: Use assert_nil if expecting nil from ...'
2018-01-23 15:07:49 -03:00
Gonzalo
79d21fc3ac
Attempt to improve legibility
2018-01-19 12:00:38 -03:00
Mike Ferrier
031efcd123
add a spec to specify the behavior of non-matching throttle blocks
2016-07-13 10:20:08 -04:00
Aaron Suggs
ff22014a03
[tests] Fix gotcha with new activesupport redis versions
...
This fixes the error:
uninitialized constant ActiveSupport::VERSION
when loading active_support/cache/redis_store
2016-07-11 15:23:06 -04:00
Aaron Suggs
f5f08d56e5
More safelist/blocklist refactoring
...
- Add Rack::Attack namespace to deprecation warning.
- Add deprecated Rack::Attack.blacklisted_response attr methods.
2016-07-04 21:42:41 -04:00
Renée Hendricksen
e1a0c804e1
suggesting changing whitelist/blacklist language to less controversial safelist/blocklist language
...
add deprecation warnings
fix the method signatures
2016-07-01 21:44:45 -04:00
Vincent Boisard
297ef4a2ae
Merge branch 'master' of github.com:kickstarter/rack-attack
2015-12-29 10:10:36 +01:00
Aaron Suggs
76c2e31430
Normalize request paths when using Rails' ActionDispatch
...
The issue
---
When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.
Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.
E.g., a throttle:
    throttle('logins', ...) {|req| req.path == "/login" }
would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.
The solution
---
This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.
If it's not loaded, the request path is not modified.
Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
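The mismatch described in the commit message above, as an added example that is not code from rack-attack or from the commit: an exact-match login throttle replayed over the same requests with and without path normalization. `normalize_path`, `LoginCounter`, `replay` and the sample traffic are hypothetical names and data constructed for this illustration; `normalize_path` is a simplified stand-in for the framework normalization and only strips trailing slashes.

```ruby
# Added illustration; not rack-attack's code. normalize_path is a simplified
# stand-in (assumption) for the normalization the commit message refers to.
def normalize_path(path)
  stripped = path.sub(%r{/+\z}, "") # drop trailing slashes
  stripped.empty? ? "/" : stripped  # keep the root path as "/"
end

# The matcher from the commit message: a request counts only on exact match.
LOGIN_MATCHER = ->(path) { path == "/login" }

# Counts matched requests per client, like a throttle keyed on the client IP.
class LoginCounter
  def initialize(limit:, normalize:)
    @limit = limit
    @normalize = normalize
    @counts = Hash.new(0)
  end

  # Returns :throttled once a client exceeds the limit, otherwise :allowed.
  def call(ip, raw_path)
    path = @normalize ? normalize_path(raw_path) : raw_path
    return :allowed unless LOGIN_MATCHER.call(path)

    @counts[ip] += 1
    @counts[ip] > @limit ? :throttled : :allowed
  end
end

# Constructed sample traffic: one client alternating two spellings of a path
# that the application routes to the same action.
SAMPLE_PATHS = ["/login", "/login/", "/login", "/login/", "/login/", "/login"].freeze

# Replays the sample against a limit of 2 and returns the decision per request.
def replay(normalize:)
  counter = LoginCounter.new(limit: 2, normalize: normalize)
  SAMPLE_PATHS.map { |path| counter.call("203.0.113.7", path) }
end

if __FILE__ == $PROGRAM_NAME
  puts "raw paths:        #{replay(normalize: false).inspect}"
  puts "normalized paths: #{replay(normalize: true).inspect}"
end
```

Without normalization only three of the six requests are counted, so the limit is reached on the last request instead of the third.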
Aaron Suggs
11faea4526
specs: use pry instead of debugger
2015-12-18 08:55:09 -05:00
Vincent Boisard
397a7ce7b4
feature: support for ActiveSupport::MemCacheStore
2015-12-08 10:53:53 +01:00
Aaron Suggs
64fe10f64e
Clarifying comments for #delete spec method
2015-05-22 13:48:32 -04:00
Stan Hu
91947b83a4
Support the ability to reset Fail2Ban count and ban flag
...
Closes #113
2015-05-22 09:47:32 -04:00
Stan Hu
ff15447f3a
Support delete method for Redis
2015-03-15 12:13:44 -07:00
Aaron Suggs
b0bf74f9d9
Fix test assertion
2015-01-27 16:18:55 -05:00
Genadi Samokovarov
d9a5587676
Allow throttle period option to be a proc
...
I need to filter requests on a period I need to get dynamically out of
information I have in the requests. Currently, I can work out the limit,
as it can be a `Proc`, however I can't do that with the period.
This PR adds support for that. Tried to do it in a way that doesn't
break backwards compatibility, as periods are coerced to numbers during
`Rack::Throttle` initialization.
2014-09-19 19:32:39 +02:00
Paul Coates
e8d98a7ad3
Changed track checker to track filter. Made track filter tests more clear.
2014-05-22 10:11:23 -07:00
Paul Coates
1ebe1c3517
Added limit and period options to track. Delegates [] to Throttle if they are present otherwise Check.
2014-05-19 11:11:01 -07:00
blahed
97dce48bfc
add throttle discriminator to rack env
2014-05-01 22:20:13 -04:00
Aaron Suggs
833e1e937d
Integration tests: use 127.0.0.1 instead of localhost
2014-04-25 13:19:22 -05:00
hakanensari
5ff5bf44ba
Don't memoize in test
...
I don’t think this has any side effect, but still…
2014-04-17 18:21:13 +01:00