Commit graph

15 commits

Author SHA1 Message Date
Gonzalo Rodriguez
53b0561e7f
Merge pull request #272 from grzuy/rack_lint
Use Rack::Lint in tests to check any change continues to comply with the rack spec
2018-03-09 10:11:05 -03:00
Gonzalo Rodriguez
f27432df91 Use Rack::Lint in tests to check any change continues complying with the rack spec 2018-01-30 10:08:20 -03:00
Gonzalo Rodriguez
ca739946ce Attempt to make it easier to understand that the method is making assertions 2018-01-25 10:53:47 -03:00
Gonzalo Rodriguez
34ee066eac Drop support for Rails 3 2018-01-23 16:12:16 -03:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
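The throttle-bypass described in that commit message, worked through as an added example (this is not rack-attack's own code, nor the patch itself). The `Request`, `Throttle` and `simulate` names are constructed for the illustration, and `normalize_path` is a small stand-in that reproduces only the behaviour the message relies on (a leading slash is ensured, repeated slashes are collapsed, a trailing slash is stripped except on the root path); which ActionDispatch routine rack-attack actually delegates to is an assumption noted in the comment.

```ruby
# Stand-in for the request-path normalization the commit describes.
# Assumption: rack-attack delegates to
# ActionDispatch::Journey::Router::Utils.normalize_path when it is loaded;
# this helper only mirrors the cases shown here.
def normalize_path(path)
  return "/" if path.nil? || path.empty?
  p = path.start_with?("/") ? path : "/#{path}"
  p = p.squeeze("/")                 # "//login//" -> "/login/"
  p = p.chomp("/") unless p == "/"   # "/login/" -> "/login"; root stays "/"
  p
end

# Minimal request object: the two attributes a throttle block uses here.
Request = Struct.new(:ip, :path)

# A tiny fixed-window throttle: count matching requests per client IP and
# report when the limit is exceeded. The discriminator is the one from the
# commit message, `req.path == "/login"`.
class Throttle
  def initialize(limit:, normalize:)
    @limit = limit
    @normalize = normalize
    @counts = Hash.new(0)
  end

  # Without normalization "/login/" never equals "/login", so the throttle
  # silently ignores those requests even though Rails routes them to the
  # same action.
  def matches?(req)
    path = @normalize ? normalize_path(req.path) : req.path
    path == "/login"
  end

  # true when this request pushes the client past the limit
  def throttled?(req)
    return false unless matches?(req)
    @counts[req.ip] += 1
    @counts[req.ip] > @limit
  end
end

# Send n requests from a single constructed client IP to `path` and return
# whether the last one was throttled.
def simulate(path, n:, limit:, normalize:)
  t = Throttle.new(limit: limit, normalize: normalize)
  throttled = false
  n.times { throttled = t.throttled?(Request.new("203.0.113.7", path)) }
  throttled
end

if __FILE__ == $PROGRAM_NAME
  puts "no normalization, 10 x /login/  throttled? #{simulate('/login/', n: 10, limit: 5, normalize: false)}"
  puts "normalization,    10 x /login/  throttled? #{simulate('/login/', n: 10, limit: 5, normalize: true)}"
end
```

Running the file shows `false` for the first line and `true` for the second: the same ten requests slip past a path-equality throttle when the path is compared raw, and are limited once the path is normalized before the block runs, which is exactly what the patch arranges for Rails apps.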
Aaron Suggs
11faea4526 specs: use pry instead of debugger 2015-12-18 08:55:09 -05:00
hakanensari
bf40123c04 Move offline case to separate file 2014-04-15 16:17:27 +01:00
Aaron Suggs
c42e035f62 specs: fix MiniTest typo for older ruby versions 2013-10-09 15:31:52 -04:00
Vipul A M
384892ce4c Make debugger dependency only for ruby platforms 2013-05-06 20:58:01 +05:30
Vipul A M
4fcbe790ed Remove debugger dependency, as it isn't used 2013-05-06 11:53:58 +05:30
Aaron Suggs
ecec8576ae Show some minitest pride 2013-03-04 21:06:53 -05:00
Aaron Suggs
80367e1e4a Add Rack::Attack.track.
track will fire notifications, but not alter request processing
2013-01-10 19:02:49 -05:00
Aaron Suggs
e166e87fb9 Add throttle support 2012-07-27 17:22:49 -04:00
Aaron Suggs
7fab5df499 WIP 2012-07-24 19:59:46 -04:00
Aaron Suggs
140ea86b7c Initial commit 2012-07-24 19:40:55 -04:00