Commit graph

11 commits

Author SHA1 Message Date
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch checks whether ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
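The mismatch this commit describes, as an added example (not rack-attack's or Rails' own code): a rule written against the raw path misses "/login/", "//login" and "/login//", all of which Rails routes to "/login", while the same rule against a normalized path matches them. The `PathNormalizer` module follows the commit's approach of using ActionDispatch's normalizer only when it is already loaded; the constant `ActionDispatch::Journey::Router::Utils.normalize_path` is assumed to be that normalizer, and the fallback mirrors its leading-slash, squeeze and trailing-slash handling for the inputs used here (it does not upper-case percent-escapes). `Request`, the rule lambdas and `rule_matches?` are stand-ins for the request object and throttle block, not rack-attack's API.

```ruby
# Added example: why a throttle keyed on the raw request path misses
# trailing-slash variants, and how normalizing the path first closes the gap.
# Not code from rack-attack or Rails.

module PathNormalizer
  # Use Rails' normalizer only when ActionDispatch is already loaded, as the
  # commit describes. Assumption: ActionDispatch::Journey::Router::Utils
  # .normalize_path is that normalizer; otherwise fall back to a local one.
  def self.normalize(path)
    if defined?(ActionDispatch::Journey::Router::Utils) &&
       ActionDispatch::Journey::Router::Utils.respond_to?(:normalize_path)
      ActionDispatch::Journey::Router::Utils.normalize_path(path)
    else
      fallback(path)
    end
  end

  # Ensure a leading slash, collapse runs of "/", strip trailing slashes,
  # and map the empty result back to "/". Percent-escapes are left as-is.
  def self.fallback(path)
    normalized = "/#{path}".squeeze("/").sub(%r{/+\z}, "")
    normalized.empty? ? "/" : normalized
  end
end

# Minimal stand-in for the request object a throttle block receives:
# `path` is what Rack::Attack sees before routing, `normalized_path` what
# ActionController would see.
Request = Struct.new(:env) do
  def path
    env["PATH_INFO"].to_s
  end

  def normalized_path
    PathNormalizer.normalize(path)
  end
end

# The rule as written in the commit message, matched against the raw path...
RAW_LOGIN_RULE = ->(req) { req.path == "/login" }
# ...and the same rule matched against the normalized path.
NORMALIZED_LOGIN_RULE = ->(req) { req.normalized_path == "/login" }

# Evaluate a rule against a constructed Rack env carrying only PATH_INFO.
def rule_matches?(rule, path_info)
  rule.call(Request.new({ "PATH_INFO" => path_info }))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request paths; all but the first are variants Rails routes to /login.
  ["/login", "/login/", "//login", "/login//"].each do |p|
    puts format("%-10s raw=%-5s normalized=%s", p,
                rule_matches?(RAW_LOGIN_RULE, p),
                rule_matches?(NORMALIZED_LOGIN_RULE, p))
  end
end
```

Run the file directly to see the raw rule match only the first path and the normalized rule match all four. The same normalization should be applied to the path before any blocklist or safelist comparison, not just throttles, since all of them see the pre-routing path.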
Aaron Suggs
11faea4526 specs: use pry instead of debugger 2015-12-18 08:55:09 -05:00
hakanensari
bf40123c04 Move offline case to separate file 2014-04-15 16:17:27 +01:00
Aaron Suggs
c42e035f62 specs: fix MiniTest typo for older ruby versions 2013-10-09 15:31:52 -04:00
Vipul A M
384892ce4c Make debugger dependency only for ruby platforms 2013-05-06 20:58:01 +05:30
Vipul A M
4fcbe790ed Remove debugger dependency, as it isn't used 2013-05-06 11:53:58 +05:30
Aaron Suggs
ecec8576ae Show some minitest pride 2013-03-04 21:06:53 -05:00
Aaron Suggs
80367e1e4a Add Rack::Attack.track.
track will fire notifications, but not alter request processing
2013-01-10 19:02:49 -05:00
Aaron Suggs
e166e87fb9 Add throttle support 2012-07-27 17:22:49 -04:00
Aaron Suggs
7fab5df499 WIP 2012-07-24 19:59:46 -04:00
Aaron Suggs
140ea86b7c Initial commit 2012-07-24 19:40:55 -04:00