sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-25 09:25:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
799 commits 1 branch 0 tags 1.1 MiB
Commit graph

37 commits

Author SHA1 Message Date
thomas morgan
2fc8c7b65f support rails 7.0 2021-11-17 11:33:17 -07:00
thomas morgan
0fbfda0146 test against dalli 3.0 2021-11-16 10:04:16 -07:00
Gonzalo
55d5e370fd
test: update ruby and rails versions 2020-12-27 16:57:15 -03:00
Gonzalo
9f93d34492
ci: test against latest rack minor versions 2020-02-10 13:16:10 -03:00
fatkodima
bdfb01ab5b Changes and tests 2019-10-08 12:29:25 +03:00
Gonzalo Rodriguez
51a58634a3
ci: update from rails 6.0.0.rc2 to 6.0.0 2019-08-16 18:59:28 -03:00
Gonzalo Rodriguez
78266c19d4
ci: get Travis to test against rails 6 betas 2019-02-26 19:07:19 -03:00
Gonzalo Rodriguez
093d809eae
style: don't enforce rubocop in autogenerated files 2018-10-30 10:23:32 -03:00
Gonzalo Rodriguez
82c0a17dd4
Test against Redis 3.x 2018-09-30 22:02:33 -03:00
Gonzalo Rodriguez
b40b5718dc
rubocop --auto-correct 2018-06-29 15:41:36 -03:00
Gonzalo Rodriguez
e50bfbebaa
Acceptance test plain redis as a cache store backend 2018-06-29 15:41:04 -03:00
Gonzalo Rodriguez
8315a1e7e1
Remove support for unmaintained ruby 2.2 2018-06-28 17:08:15 -03:00
Gonzalo Rodriguez
596ddabb0f
Fix rubocop Bundler/OrderedGems offenses 2018-06-26 13:38:16 -03:00
Gonzalo Rodriguez
3c37390c63
Run with latest activesupport/actionpack when developing 2018-06-26 11:15:13 -03:00
Gonzalo Rodriguez
a72bfb5fc7
Only require redis stores when running their respective appraisal 2018-06-22 18:55:27 -03:00
Gonzalo Rodriguez
bd2ade8977
Only require connection_pool running connection_pool appraisal 2018-06-22 17:45:58 -03:00
Gonzalo Rodriguez
9257e40b96
Make rack-test compatible again with actionpack for some appraisals runs 2018-06-21 17:40:44 -03:00
Gonzalo Rodriguez
4491e32180
Enable Bundler rubocop cops 2018-04-17 01:03:13 -04:00
Gonzalo Rodriguez
8a6bb6bc5e
Drop support for rails 5.0, it's an unmaintained series now 2018-04-10 11:43:46 -04:00
Gonzalo Rodriguez
2e9eb6716f
Don't allow failures against rails 5.2, it's out now 2018-04-10 11:02:17 -04:00
Gonzalo Rodriguez
a8200ea95a
Explicitly test against supported rack versions 2018-04-10 10:35:14 -04:00
Gonzalo Rodriguez
e7792aadd7
Remove obsolete piece of autogenerated appraisal gemfile 2018-04-10 10:33:26 -04:00
Gonzalo Rodriguez
859c212058 Merge branch 'master' into move_all_deps_to_gemspec 2018-03-09 10:19:25 -03:00
Gonzalo Rodriguez
d6d471fea5 Move all dependencies to gemspec 2018-02-02 16:05:04 -03:00
Gonzalo Rodriguez
53095231cc Test against rails 5.2.0.rc to get early feedback without causing TravisCI build failures 2018-02-02 13:14:21 -03:00
Gonzalo
a19f92738d Test against actively supported rubies and gems 
https://www.ruby-lang.org/en/downloads/branches://www.ruby-lang.org/en/downloads/branches/
http://guides.rubyonrails.org/maintenance_policy.html
https://www.ruby-lang.org/en/downloads/releases/
 2018-01-17 13:49:24 -03:00
Aaron Suggs
8a6e1e6c03 Add tests for ActiveSupport 5.0 2016-07-05 14:27:49 -04:00
Aaron Suggs
ac4975e692 Remove ruby2.0 exceptions from gemfiles 
..since I stopped testing it in #184
 2016-07-04 22:46:54 -04:00
Aaron Suggs
f6762dfc63 Drop test coverage for activesupport 3.2/4.0; dalli 1.1 
They’re EOL, and the tests are a pain to maintain.
 2016-07-04 22:12:55 -04:00
Renée Hendricksen
c3ccb6f641 working Travis CI tests 2016-07-01 18:22:21 -04:00
Aaron Suggs
57f513e1e9 Fix Appraisals & gemfile tests 
The gemfiles had drifted from the Appraisals file from which they’re
generated.
 2015-12-21 09:34:21 -05:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch 
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
 2015-12-18 11:12:11 -05:00
Aaron Suggs
1981b38063 [travis] Test activesupport 4.2 2015-05-22 14:29:08 -04:00
hakanensari
0640a53cdf Use Appraisal to test against multiple versions 2014-04-09 13:11:43 +01:00
Aaron Suggs
db42cc702e tests: add gemfiles for dalli 1.1.x and 2.x 2014-03-31 18:42:27 -04:00
Aaron Suggs
3cec847048 [travisci] Fix gemspec path in gemfiles 2013-08-20 13:53:18 -04:00
Aaron Suggs
da2f265e7e [travisci] Add tests for activesupport 3.2 and 4.0 2013-08-20 13:47:45 -04:00