rack-attack 5.0.1 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0d4400f3695de545e524a11ed1eaa0ae14a5f3d2
-  data.tar.gz: 76c98ade06cea2447a46de122ab23dbc858b8c1d
+SHA256:
+  metadata.gz: 6adfaa8597fafd710ea09558be12046bf35eb3816a2cb81c275e07f12c3ebc9f
+  data.tar.gz: 9e256c9b94880a4118f47d3bec2826bdb1b0d6fb501567384cd3a8049b44fa86
 SHA512:
-  metadata.gz: 44d33cd6011e99ec3ca5cbdd8d1bcdecb8f2463fbd55e22f0266f0b17d660416f68d7ce46ac6f318549edc25b937ea3f0f73df14e9865dcb26f0d935f43a3682
-  data.tar.gz: 1be320077b7533ad2edb48a7799ee9681641beeb4a0232d2079f664ac73494c3cd5c50f403405656177e70a377435834b1b8af7fc922ecbd3bc72165f8659bf5
+  metadata.gz: ab110884b8a75cec12ce734457a5e71f1f04351ad21f6ce160dbfda8161c642521e23c6d0d655dd03f51bafffecdff188cb89d88bf2b2e3b40e109bbf1ebffa2
+  data.tar.gz: c9e46912da6c457bc53970122c4cfc3afab4977037bf52c1dcd5ba9502ba6d83c0137b939d217645df347d2ac1cbec1b796f0d114bae2d0a668e4850dcc018b2

data/README.md

@@ -8,10 +8,14 @@ Throttle and fail2ban state is stored in a configurable cache (e.g. `Rails.cache
 
 See the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients) introducing Rack::Attack.
 
-[![Gem Version](https://badge.fury.io/rb/rack-attack.png)](http://badge.fury.io/rb/rack-attack)
-[![Build Status](https://travis-ci.org/kickstarter/rack-attack.png?branch=master)](https://travis-ci.org/kickstarter/rack-attack)
-[![Code Climate](https://codeclimate.com/github/kickstarter/rack-attack.png)](https://codeclimate.com/github/kickstarter/rack-attack)
+[![Gem Version](https://badge.fury.io/rb/rack-attack.svg)](http://badge.fury.io/rb/rack-attack)
+[![Build Status](https://travis-ci.org/kickstarter/rack-attack.svg?branch=master)](https://travis-ci.org/kickstarter/rack-attack)
+[![Code Climate](https://codeclimate.com/github/kickstarter/rack-attack.svg)](https://codeclimate.com/github/kickstarter/rack-attack)
 
+## Looking for maintainers
+
+I'm looking for new maintainers to help me support Rack::Attack. Check out
+[issue #219 for details](https://github.com/kickstarter/rack-attack/issues/219).
 
 ## Getting started
 
@@ -22,7 +26,7 @@ Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it t
 gem 'rack-attack'
 ```
 Tell your app to use the Rack::Attack middleware.
-For Rails 3+ apps:
+For Rails apps:
 
 ```ruby
 # In config/application.rb
@@ -36,9 +40,9 @@ Or for Rackup files:
 use Rack::Attack
 ```
 
-Add a `rack-attack.rb` file to `config/initializers/`:
+Add a `rack_attack.rb` file to `config/initializers/`:
 ```ruby
-# In config/initializers/rack-attack.rb
+# In config/initializers/rack_attack.rb
 class Rack::Attack
   # your custom configuration...
 end
@@ -136,7 +140,7 @@ how the parameters work.  For multiple filters, be sure to put each filter in a
 Rack::Attack.blocklist('fail2ban pentesters') do |req|
   # `filter` returns truthy value if request fails, or if it's from a previously banned IP
   # so the request is blocked
-  Rack::Attack::Fail2Ban.filter("pentesters-#{req.ip}", :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do
+  Rack::Attack::Fail2Ban.filter("pentesters-#{req.ip}", maxretry: 3, findtime: 10.minutes, bantime: 5.minutes) do
     # The count for the IP is incremented if the return value is truthy
     CGI.unescape(req.query_string) =~ %r{/etc/passwd} ||
     req.path.include?('/etc/passwd') ||
@@ -159,7 +163,7 @@ Rack::Attack.blocklist('allow2ban login scrapers') do |req|
   # `filter` returns false value if request is to your login page (but still
   # increments the count) so request below the limit are not blocked until
   # they hit the limit.  At that point, filter will return true and block.
-  Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 20, :findtime => 1.minute, :bantime => 1.hour) do
+  Rack::Attack::Allow2Ban.filter(req.ip, maxretry: 20, findtime: 1.minute, bantime: 1.hour) do
     # The count for the IP is incremented if the return value is truthy.
     req.path == '/login' and req.post?
   end
@@ -171,7 +175,7 @@ end
 
 ```ruby
 # Throttle requests to 5 requests per second per ip
-Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req|
+Rack::Attack.throttle('req/ip', limit: 5, period: 1.second) do |req|
   # If the return value is truthy, the cache key for the return value
   # is incremented and compared with the limit. In this case:
   #   "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
@@ -183,7 +187,7 @@ end
 
 # Throttle login attempts for a given email parameter to 6 reqs/minute
 # Return the email as a discriminator on POST /login requests
-Rack::Attack.throttle('logins/email', :limit => 6, :period => 60.seconds) do |req|
+Rack::Attack.throttle('logins/email', limit: 6, period: 60) do |req|
   req.params['email'] if req.path == '/login' && req.post?
 end
 
@@ -191,7 +195,7 @@ end
 # Rack::Auth::Basic has authenticated the user:
 limit_proc = proc {|req| req.env["REMOTE_USER"] == "admin" ? 100 : 1}
 period_proc = proc {|req| req.env["REMOTE_USER"] == "admin" ? 1.second : 1.minute}
-Rack::Attack.throttle('req/ip', :limit => limit_proc, :period => period_proc) do |req|
+Rack::Attack.throttle('req/ip', limit: limit_proc, period: period_proc) do |req|
   req.ip
 end
 ```
@@ -205,7 +209,7 @@ Rack::Attack.track("special_agent") do |req|
 end
 
 # Supports optional limit and period, triggers the notification only when the limit is reached.
-Rack::Attack.track("special_agent", :limit => 6, :period => 60.seconds) do |req|
+Rack::Attack.track("special_agent", limit: 6, period: 60) do |req|
   req.user_agent == "SpecialAgent"
 end
 
@@ -233,7 +237,8 @@ Rack::Attack.throttled_response = lambda do |env|
   # NB: you have access to the name and other data about the matched throttle
   #  env['rack.attack.matched'],
   #  env['rack.attack.match_type'],
-  #  env['rack.attack.match_data']
+  #  env['rack.attack.match_data'],
+  #  env['rack.attack.match_discriminator']
 
   # Using 503 because it may make attacker think that they have successfully
   # DOSed the site. Rack::Attack returns 429 for throttling by default
@@ -316,6 +321,23 @@ Pull requests and issues are greatly appreciated. This project is intended to be
 a safe, welcoming space for collaboration, and contributors are expected to
 adhere to the [Code of Conduct](CODE_OF_CONDUCT.md).
 
+### Testing pull requests
+
+To run the minitest test suite, you will need both [Redis](http://redis.io/) and
+[Memcached](https://memcached.org/) running locally and bound to IP `127.0.0.1` on
+default ports (`6379` for Redis, and `11211` for Memcached) and able to be
+accessed without authentication.
+
+Install dependencies by running
+```sh
+bundle install
+```
+
+Then run the test suite by running
+```sh
+bundle exec rake
+```
+
 ## Mailing list
 
 New releases of Rack::Attack are announced on

data/Rakefile

@@ -10,11 +10,14 @@ namespace :test do
 
   Rake::TestTask.new(:integration) do |t|
     t.pattern = "spec/integration/*_spec.rb"
-    t.warning = false
+  end
+
+  Rake::TestTask.new(:acceptance) do |t|
+    t.pattern = "spec/acceptance/*_spec.rb"
   end
 end
 
 desc 'Run tests'
-task :test => %w[test:units test:integration]
+task :test => %w[test:units test:integration test:acceptance]
 
 task :default => :test

data/lib/rack/attack.rb

@@ -2,11 +2,14 @@ require 'rack'
 require 'forwardable'
 
 class Rack::Attack
+  class MisconfiguredStoreError < StandardError; end
+  class MissingStoreError < StandardError; end
+
   autoload :Cache,           'rack/attack/cache'
   autoload :PathNormalizer,  'rack/attack/path_normalizer'
   autoload :Check,           'rack/attack/check'
   autoload :Throttle,        'rack/attack/throttle'
-  autoload :Safelist,       'rack/attack/safelist'
+  autoload :Safelist,        'rack/attack/safelist'
   autoload :Blocklist,       'rack/attack/blocklist'
   autoload :Track,           'rack/attack/track'
   autoload :StoreProxy,      'rack/attack/store_proxy'
@@ -47,7 +50,7 @@ class Rack::Attack
       self.tracks[name] = Track.new(name, options, block)
     end
 
-    def safelists; @safelists ||= {}; end
+    def safelists;  @safelists  ||= {}; end
     def blocklists; @blocklists ||= {}; end
     def throttles;  @throttles  ||= {}; end
     def tracks;     @tracks     ||= {}; end
@@ -115,7 +118,7 @@ class Rack::Attack
 
     def blacklisted_response
       warn "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated.  Please use 'blocklisted_response' instead."
-      self.blocklisted_response
+      blocklisted_response
     end
 
   end

data/lib/rack/attack/allow2ban.rb

@@ -7,7 +7,7 @@ module Rack
           'allow2ban'
         end
 
-        # everything the same here except we return only return true
+        # everything is the same here except we only return true
         # (blocking the request) if they have tripped the limit.
         def fail!(discriminator, bantime, findtime, maxretry)
           count = cache.count("#{key_prefix}:count:#{discriminator}", findtime)

data/lib/rack/attack/cache.rb

@@ -46,15 +46,20 @@ module Rack
       end
 
       def do_count(key, expires_in)
-        result = store.increment(key, 1, :expires_in => expires_in)
+        if store.nil?
+          raise Rack::Attack::MissingStoreError
+        elsif !store.respond_to?(:increment)
+          raise Rack::Attack::MisconfiguredStoreError, "Store needs to respond to #increment"
+        else
+          result = store.increment(key, 1, :expires_in => expires_in)
 
-        # NB: Some stores return nil when incrementing uninitialized values
-        if result.nil?
-          store.write(key, 1, :expires_in => expires_in)
+          # NB: Some stores return nil when incrementing uninitialized values
+          if result.nil?
+            store.write(key, 1, :expires_in => expires_in)
+          end
+          result || 1
         end
-        result || 1
       end
-
     end
   end
 end

data/lib/rack/attack/path_normalizer.rb

@@ -15,11 +15,8 @@ class Rack::Attack
   end
 
   PathNormalizer = if defined?(::ActionDispatch::Journey::Router::Utils)
-                 # For Rails 4+ apps
+                 # For Rails apps
                  ::ActionDispatch::Journey::Router::Utils
-               elsif defined?(::Journey::Router::Utils)
-                 # for Rails 3.2
-                 ::Journey::Router::Utils
                else
                  FallbackPathNormalizer
                end

data/lib/rack/attack/store_proxy.rb

@@ -1,7 +1,7 @@
 module Rack
   class Attack
     module StoreProxy
-      PROXIES = [DalliProxy, MemCacheProxy, RedisStoreProxy]
+      PROXIES = [DalliProxy, MemCacheProxy, RedisStoreProxy].freeze
 
       ACTIVE_SUPPORT_WRAPPER_CLASSES = Set.new(['ActiveSupport::Cache::MemCacheStore', 'ActiveSupport::Cache::RedisStore']).freeze
       ACTIVE_SUPPORT_CLIENTS = Set.new(['Redis::Store', 'Dalli::Client', 'MemCache']).freeze
@@ -20,7 +20,10 @@ module Rack
         # We also want to use the underlying Dalli client instead of ::ActiveSupport::Cache::MemCacheStore,
         # and the MemCache client if using Rails 3.x
 
-        client = store.instance_variable_get(:@data)
+        if store.instance_variable_defined?(:@data)
+          client = store.instance_variable_get(:@data)
+        end
+
         if ACTIVE_SUPPORT_WRAPPER_CLASSES.include?(store.class.to_s) && ACTIVE_SUPPORT_CLIENTS.include?(client.class.to_s)
           client
         else

data/lib/rack/attack/store_proxy/redis_store_proxy.rb

@@ -5,7 +5,14 @@ module Rack
     module StoreProxy
       class RedisStoreProxy < SimpleDelegator
         def self.handle?(store)
-          defined?(::Redis::Store) && store.is_a?(::Redis::Store)
+          # Using const_defined? for now.
+          #
+          # Go back to use defined? once this ruby issue is
+          # fixed and released:
+          # https://bugs.ruby-lang.org/issues/14407
+          #
+          # defined?(::Redis::Store) && store.is_a?(::Redis::Store)
+          const_defined?("::Redis::Store") && store.is_a?(::Redis::Store)
         end
 
         def initialize(store)
@@ -13,31 +20,33 @@ module Rack
         end
 
         def read(key)
-          self.get(key, raw: true)
+          get(key, raw: true)
         rescue Redis::BaseError
         end
 
         def write(key, value, options={})
           if (expires_in = options[:expires_in])
-            self.setex(key, expires_in, value, raw: true)
+            setex(key, expires_in, value, raw: true)
           else
-            self.set(key, value, raw: true)
+            set(key, value, raw: true)
           end
         rescue Redis::BaseError
         end
 
         def increment(key, amount, options={})
           count = nil
-          self.pipelined do
-            count = self.incrby(key, amount)
-            self.expire(key, options[:expires_in]) if options[:expires_in]
+
+          pipelined do
+            count = incrby(key, amount)
+            expire(key, options[:expires_in]) if options[:expires_in]
           end
+
           count.value if count
         rescue Redis::BaseError
         end
 
         def delete(key, options={})
-          self.del(key)
+          del(key)
         rescue Redis::BaseError
         end
       end

data/lib/rack/attack/throttle.rb

@@ -1,7 +1,8 @@
 module Rack
   class Attack
     class Throttle
-      MANDATORY_OPTIONS = [:limit, :period]
+      MANDATORY_OPTIONS = [:limit, :period].freeze
+
       attr_reader :name, :limit, :period, :block, :type
       def initialize(name, options, block)
         @name, @block = name, block

data/lib/rack/attack/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class Attack
-    VERSION = '5.0.1'
+    VERSION = '5.1.0'
   end
 end

data/spec/acceptance/blocking_spec.rb

@@ -0,0 +1,21 @@
+require_relative "../spec_helper"
+
+describe "#blocklist" do
+  before do
+    Rack::Attack.blocklist("block 1.2.3.4") do |request|
+      request.ip == "1.2.3.4"
+    end
+  end
+
+  it "forbids request if blocklist condition is true" do
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal 403, last_response.status
+  end
+
+  it "succeeds if blocklist condition is false" do
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_equal 200, last_response.status
+  end
+end

data/spec/acceptance/safelisting_spec.rb

@@ -0,0 +1,37 @@
+require_relative "../spec_helper"
+
+describe "#safelist" do
+  before do
+    Rack::Attack.blocklist("block 1.2.3.4") do |request|
+      request.ip == "1.2.3.4"
+    end
+
+    Rack::Attack.safelist("safe path") do |request|
+      request.path == "/safe_space"
+    end
+  end
+
+  it "forbids request if blocklist condition is true and safelist is false" do
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal 403, last_response.status
+  end
+
+  it "succeeds if blocklist condition is false and safelist is false" do
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_equal 200, last_response.status
+  end
+
+  it "succeeds request if blocklist condition is false and safelist is true" do
+    get "/safe_space", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_equal 200, last_response.status
+  end
+
+  it "succeeds request if both blocklist and safelist conditions are true" do
+    get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal 200, last_response.status
+  end
+end

data/spec/acceptance/throttling_spec.rb

@@ -0,0 +1,30 @@
+require_relative "../spec_helper"
+require "timecop"
+
+describe "#throttle" do
+  it "allows one request per minute by IP" do
+    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+
+    Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
+      request.ip
+    end
+
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal 200, last_response.status
+
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal 429, last_response.status
+
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_equal 200, last_response.status
+
+    Timecop.travel(60) do
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+      assert_equal 200, last_response.status
+    end
+  end
+end

data/spec/allow2ban_spec.rb

@@ -1,4 +1,5 @@
 require_relative 'spec_helper'
+
 describe 'Rack::Attack.Allow2Ban' do
   before do
     # Use a long findtime; failures due to cache key rotation less likely
@@ -7,6 +8,7 @@ describe 'Rack::Attack.Allow2Ban' do
     @bantime  = 60
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
     @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
+
     Rack::Attack.blocklist('pentest') do |req|
       Rack::Attack::Allow2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
     end
@@ -23,6 +25,7 @@ describe 'Rack::Attack.Allow2Ban' do
     describe 'making qualifying request' do
       describe 'when not at maxretry' do
         before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
         it 'succeeds' do
           last_response.status.must_equal 200
         end
@@ -58,7 +61,6 @@ describe 'Rack::Attack.Allow2Ban' do
           key = "rack::attack:allow2ban:ban:1.2.3.4"
           @cache.store.read(key).must_equal 1
         end
-
       end
     end
   end
@@ -116,6 +118,5 @@ describe 'Rack::Attack.Allow2Ban' do
         @cache.store.read(key).must_equal 1
       end
     end
-
   end
 end

data/spec/fail2ban_spec.rb

@@ -1,4 +1,5 @@
 require_relative 'spec_helper'
+
 describe 'Rack::Attack.Fail2Ban' do
   before do
     # Use a long findtime; failures due to cache key rotation less likely
@@ -7,6 +8,7 @@ describe 'Rack::Attack.Fail2Ban' do
     @bantime  = 60
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
     @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
+
     Rack::Attack.blocklist('pentest') do |req|
       Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
     end
@@ -23,6 +25,7 @@ describe 'Rack::Attack.Fail2Ban' do
     describe 'making failing request' do
       describe 'when not at maxretry' do
         before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
         it 'fails' do
           last_response.status.must_equal 403
         end
@@ -73,7 +76,7 @@ describe 'Rack::Attack.Fail2Ban' do
 
         it 'resets fail count' do
           key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
-          @cache.store.read(key).must_equal nil
+          assert_nil @cache.store.read(key)
         end
 
         it 'IP is not banned' do
@@ -136,6 +139,5 @@ describe 'Rack::Attack.Fail2Ban' do
         @cache.store.read(key).must_equal 1
       end
     end
-
   end
 end

data/spec/integration/offline_spec.rb

@@ -4,7 +4,6 @@ require 'dalli'
 require_relative '../spec_helper'
 
 OfflineExamples = Minitest::SharedExamples.new do
-
   it 'should write' do
     @cache.write('cache-test-key', 'foobar', 1)
   end
@@ -16,7 +15,6 @@ OfflineExamples = Minitest::SharedExamples.new do
   it 'should count' do
     @cache.send(:do_count, 'rack::attack::cache-test-key', 1)
   end
-
 end
 
 describe 'when Redis is offline' do
@@ -27,7 +25,6 @@ describe 'when Redis is offline' do
     # Use presumably unused port for Redis client
     @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
   }
-
 end
 
 describe 'when Memcached is offline' do
@@ -43,5 +40,4 @@ describe 'when Memcached is offline' do
   after {
     Dalli.logger.level = Logger::INFO
   }
-
 end

data/spec/integration/rack_attack_cache_spec.rb

@@ -1,7 +1,6 @@
 require_relative '../spec_helper'
 
 describe Rack::Attack::Cache do
-
   # A convenience method for deleting a key from cache.
   # Slightly differnet than @cache.delete, which adds a prefix.
   def delete(key)
@@ -20,6 +19,7 @@ describe Rack::Attack::Cache do
   require 'active_support/cache/mem_cache_store'
   require 'active_support/cache/redis_store'
   require 'connection_pool'
+
   cache_stores = [
     ActiveSupport::Cache::MemoryStore.new,
     ActiveSupport::Cache::DalliStore.new("127.0.0.1"),
@@ -32,8 +32,8 @@ describe Rack::Attack::Cache do
 
   cache_stores.each do |store|
     store = Rack::Attack::StoreProxy.build(store)
-    describe "with #{store.class}" do
 
+    describe "with #{store.class}" do
       before {
         @cache = Rack::Attack::Cache.new
         @key = "rack::attack:cache-test-key"
@@ -92,7 +92,7 @@ describe Rack::Attack::Cache do
           store.write(@key, "foobar", :expires_in => @expires_in)
           @cache.read('cache-test-key').must_equal "foobar"
           store.delete(@key)
-          @cache.read('cache-test-key').must_equal nil
+          assert_nil @cache.read('cache-test-key')
         end
       end
 
@@ -113,10 +113,9 @@ describe Rack::Attack::Cache do
           period_key, _ = @cache.send(:key_and_expiry, 'cache-test-key', period)
           store.read(period_key).to_i.must_equal 1
           @cache.reset_count(unprefixed_key, period)
-          store.read(period_key).must_equal nil
+          assert_nil store.read(period_key)
         end
       end
     end
-
   end
 end

data/spec/rack_attack_request_spec.rb

@@ -14,6 +14,6 @@ describe 'Rack::Attack' do
       end
     end
 
-    allow_ok_requests
+    it_allows_ok_requests
   end
 end

data/spec/rack_attack_spec.rb

@@ -1,7 +1,7 @@
 require_relative 'spec_helper'
 
 describe 'Rack::Attack' do
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'normalizing paths' do
     before do
@@ -33,17 +33,18 @@ describe 'Rack::Attack' do
 
     describe "a bad request" do
       before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
+
       it "should return a blocklist response" do
-        get '/', {}, 'REMOTE_ADDR' => @bad_ip
         last_response.status.must_equal 403
         last_response.body.must_equal "Forbidden\n"
       end
+
       it "should tag the env" do
         last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"
         last_request.env['rack.attack.match_type'].must_equal :blocklist
       end
 
-      allow_ok_requests
+      it_allows_ok_requests
     end
 
     describe "and safelist" do
@@ -52,7 +53,7 @@ describe 'Rack::Attack' do
         Rack::Attack.safelist("good ua") {|req| req.user_agent == @good_ua }
       end
 
-      it('has a safelist'){ Rack::Attack.safelists.key?("good ua") }
+      it('has a safelist') { Rack::Attack.safelists.key?("good ua") }
 
       it('has a whitelist with a deprication warning') {
         _, stderror  = capture_io do
@@ -63,10 +64,11 @@ describe 'Rack::Attack' do
 
       describe "with a request match both safelist & blocklist" do
         before { get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua }
+
         it "should allow safelists before blocklists" do
-          get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua
           last_response.status.must_equal 200
         end
+
         it "should tag the env" do
           last_request.env['rack.attack.matched'].must_equal 'good ua'
           last_request.env['rack.attack.match_type'].must_equal :safelist
@@ -84,7 +86,6 @@ describe 'Rack::Attack' do
           Rack::Attack.blacklisted_response
         end
         assert_match "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated.  Please use 'blocklisted_response' instead.", stderror
-
       end
     end
 
@@ -93,7 +94,5 @@ describe 'Rack::Attack' do
         Rack::Attack.throttled_response.must_respond_to :call
       end
     end
-
   end
-
 end

data/spec/rack_attack_store_config_spec.rb

@@ -0,0 +1,20 @@
+require_relative 'spec_helper'
+
+describe 'Store configuration' do
+  it "gives clear error when store it's not configured if it's needed" do
+    Rack::Attack.throttle('ip/sec', limit: 1, period: 60) { |req| req.ip }
+
+    assert_raises(Rack::Attack::MissingStoreError) do
+      get '/'
+    end
+  end
+
+  it "gives clear error when store isn't configured properly" do
+    Rack::Attack.cache.store = Object.new
+    Rack::Attack.throttle('ip/sec', limit: 1, period: 60) { |req| req.ip }
+
+    assert_raises(Rack::Attack::MisconfiguredStoreError) do
+      get '/'
+    end
+  end
+end

data/spec/rack_attack_throttle_spec.rb

@@ -1,4 +1,5 @@
 require_relative 'spec_helper'
+
 describe 'Rack::Attack.throttle' do
   before do
     @period = 60 # Use a long period; failures due to cache key rotation less likely
@@ -6,11 +7,13 @@ describe 'Rack::Attack.throttle' do
     Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |req| req.ip }
   end
 
-  it('should have a throttle'){ Rack::Attack.throttles.key?('ip/sec') }
-  allow_ok_requests
+  it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec') }
+
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should set the counter for one request' do
       key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
@@ -21,19 +24,23 @@ describe 'Rack::Attack.throttle' do
       last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
     end
   end
+
   describe "with 2 requests" do
     before do
       2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
     end
+
     it 'should block the last request' do
       last_response.status.must_equal 429
     end
+
     it 'should tag the env' do
       last_request.env['rack.attack.matched'].must_equal 'ip/sec'
       last_request.env['rack.attack.match_type'].must_equal :throttle
       last_request.env['rack.attack.match_data'].must_equal({:count => 2, :limit => 1, :period => @period})
       last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4')
     end
+
     it 'should set a Retry-After header' do
       last_response.headers['Retry-After'].must_equal @period.to_s
     end
@@ -47,10 +54,11 @@ describe 'Rack::Attack.throttle with limit as proc' do
     Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => @period) { |req| req.ip }
   end
 
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should set the counter for one request' do
       key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
@@ -70,10 +78,11 @@ describe 'Rack::Attack.throttle with period as proc' do
     Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => lambda { |req| @period }) { |req| req.ip }
   end
 
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should set the counter for one request' do
       key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
@@ -93,17 +102,18 @@ describe 'Rack::Attack.throttle with block retuning nil' do
     Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |_| nil }
   end
 
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should not set the counter' do
       key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
-      Rack::Attack.cache.store.read(key).must_equal nil
+      assert_nil Rack::Attack.cache.store.read(key)
     end
 
     it 'should not populate throttle data' do
-      last_request.env['rack.attack.throttle_data'].must_equal nil
+      assert_nil last_request.env['rack.attack.throttle_data']
     end
   end
-end
+end

data/spec/rack_attack_track_spec.rb

@@ -18,7 +18,9 @@ describe 'Rack::Attack.track' do
   before do
     Rack::Attack.track("everything"){ |req| true }
   end
-  allow_ok_requests
+
+  it_allows_ok_requests
+
   it "should tag the env" do
     get '/'
     last_request.env['rack.attack.matched'].must_equal 'everything'
@@ -34,6 +36,7 @@ describe 'Rack::Attack.track' do
       ActiveSupport::Notifications.subscribe("rack.attack") do |*args|
         Counter.incr
       end
+
       get "/"
     end
 

data/spec/spec_helper.rb

@@ -7,9 +7,6 @@ require "rack/test"
 require 'active_support'
 require 'action_dispatch'
 
-# Load Journey for Rails 3.2
-require 'journey' if ActionPack::VERSION::MAJOR == 3
-
 require "rack/attack"
 
 begin
@@ -22,16 +19,23 @@ class MiniTest::Spec
 
   include Rack::Test::Methods
 
-  after { Rack::Attack.clear! }
+  after do
+    Rack::Attack.clear!
+    Rack::Attack.instance_variable_set(:@cache, nil)
+  end
 
   def app
     Rack::Builder.new {
+      # Use Rack::Lint to test that rack-attack is complying with the rack spec
+      use Rack::Lint
       use Rack::Attack
+      use Rack::Lint
+
       run lambda {|env| [200, {}, ['Hello World']]}
     }.to_app
   end
 
-  def self.allow_ok_requests
+  def self.it_allows_ok_requests
     it "must allow ok requests" do
       get '/', {}, 'REMOTE_ADDR' => '127.0.0.1'
       last_response.status.must_equal 200

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 5.0.1
+  version: 5.1.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-11 00:00:00.000000000 Z
+date: 2018-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -164,6 +164,62 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -188,6 +244,9 @@ files:
 - lib/rack/attack/throttle.rb
 - lib/rack/attack/track.rb
 - lib/rack/attack/version.rb
+- spec/acceptance/blocking_spec.rb
+- spec/acceptance/safelisting_spec.rb
+- spec/acceptance/throttling_spec.rb
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
 - spec/integration/offline_spec.rb
@@ -196,6 +255,7 @@ files:
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
+- spec/rack_attack_store_config_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
 - spec/spec_helper.rb
@@ -220,19 +280,23 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
 summary: Block & throttle abusive requests
 test_files:
-- spec/allow2ban_spec.rb
-- spec/fail2ban_spec.rb
+- spec/spec_helper.rb
+- spec/rack_attack_store_config_spec.rb
+- spec/rack_attack_throttle_spec.rb
+- spec/rack_attack_spec.rb
 - spec/integration/offline_spec.rb
 - spec/integration/rack_attack_cache_spec.rb
+- spec/rack_attack_track_spec.rb
+- spec/fail2ban_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
+- spec/acceptance/throttling_spec.rb
+- spec/acceptance/blocking_spec.rb
+- spec/acceptance/safelisting_spec.rb
 - spec/rack_attack_request_spec.rb
-- spec/rack_attack_spec.rb
-- spec/rack_attack_throttle_spec.rb
-- spec/rack_attack_track_spec.rb
-- spec/spec_helper.rb
+- spec/allow2ban_spec.rb