rack-attack 5.1.0 → 5.2.0

data/spec/acceptance/track_spec.rb

@@ -0,0 +1,27 @@
+require_relative "../spec_helper"
+
+describe "#track" do
+  it "notifies when track block returns true" do
+    Rack::Attack.track("ip 1.2.3.4") do |request|
+      request.ip == "1.2.3.4"
+    end
+
+    notification_matched = nil
+    notification_type = nil
+
+    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
+      notification_matched = request.env["rack.attack.matched"]
+      notification_type = request.env["rack.attack.match_type"]
+    end
+
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_nil notification_matched
+    assert_nil notification_type
+
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal "ip 1.2.3.4", notification_matched
+    assert_equal :track, notification_type
+  end
+end

data/spec/acceptance/track_throttle_spec.rb

@@ -0,0 +1,53 @@
+require_relative "../spec_helper"
+require "timecop"
+
+describe "#track with throttle-ish options" do
+  it "notifies when throttle goes over the limit without actually throttling requests" do
+    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+
+    Rack::Attack.track("by ip", limit: 1, period: 60) do |request|
+      request.ip
+    end
+
+    notification_matched = nil
+    notification_type = nil
+
+    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
+      notification_matched = request.env["rack.attack.matched"]
+      notification_type = request.env["rack.attack.match_type"]
+    end
+
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_nil notification_matched
+    assert_nil notification_type
+
+    assert_equal 200, last_response.status
+
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_nil notification_matched
+    assert_nil notification_type
+
+    assert_equal 200, last_response.status
+
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal "by ip", notification_matched
+    assert_equal :track, notification_type
+
+    assert_equal 200, last_response.status
+
+    Timecop.travel(60) do
+      notification_matched = nil
+      notification_type = nil
+
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+      assert_nil notification_matched
+      assert_nil notification_type
+
+      assert_equal 200, last_response.status
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -15,13 +15,25 @@ rescue LoadError
   #nothing to do here
 end
 
+if RUBY_ENGINE == "ruby"
+  require "byebug"
+end
+
 class MiniTest::Spec
 
   include Rack::Test::Methods
 
+  before do
+    @_original_throttled_response = Rack::Attack.throttled_response
+    @_original_blocklisted_response = Rack::Attack.blocklisted_response
+  end
+
   after do
     Rack::Attack.clear!
     Rack::Attack.instance_variable_set(:@cache, nil)
+
+    Rack::Attack.throttled_response = @_original_throttled_response
+    Rack::Attack.blocklisted_response = @_original_blocklisted_response
   end
 
   def app

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 5.1.0
+  version: 5.2.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-10 00:00:00.000000000 Z
+date: 2018-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-stub-const
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -220,6 +234,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -244,9 +272,24 @@ files:
 - lib/rack/attack/throttle.rb
 - lib/rack/attack/track.rb
 - lib/rack/attack/version.rb
+- spec/acceptance/allow2ban_spec.rb
+- spec/acceptance/blocking_ip_spec.rb
 - spec/acceptance/blocking_spec.rb
+- spec/acceptance/blocking_subnet_spec.rb
+- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
+- spec/acceptance/cache_store_config_for_fail2ban_spec.rb
+- spec/acceptance/cache_store_config_for_throttle_spec.rb
+- spec/acceptance/cache_store_config_with_rails_spec.rb
+- spec/acceptance/customizing_blocked_response_spec.rb
+- spec/acceptance/customizing_throttled_response_spec.rb
+- spec/acceptance/extending_request_object_spec.rb
+- spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/safelisting_spec.rb
+- spec/acceptance/safelisting_subnet_spec.rb
 - spec/acceptance/throttling_spec.rb
+- spec/acceptance/track_spec.rb
+- spec/acceptance/track_throttle_spec.rb
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
 - spec/integration/offline_spec.rb
@@ -255,7 +298,6 @@ files:
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
-- spec/rack_attack_store_config_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
 - spec/spec_helper.rb
@@ -286,7 +328,6 @@ specification_version: 4
 summary: Block & throttle abusive requests
 test_files:
 - spec/spec_helper.rb
-- spec/rack_attack_store_config_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_spec.rb
 - spec/integration/offline_spec.rb
@@ -295,8 +336,23 @@ test_files:
 - spec/fail2ban_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
+- spec/acceptance/safelisting_subnet_spec.rb
+- spec/acceptance/track_throttle_spec.rb
+- spec/acceptance/blocking_ip_spec.rb
+- spec/acceptance/track_spec.rb
+- spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/safelisting_ip_spec.rb
+- spec/acceptance/cache_store_config_for_fail2ban_spec.rb
 - spec/acceptance/throttling_spec.rb
 - spec/acceptance/blocking_spec.rb
+- spec/acceptance/customizing_blocked_response_spec.rb
+- spec/acceptance/cache_store_config_for_throttle_spec.rb
+- spec/acceptance/blocking_subnet_spec.rb
+- spec/acceptance/customizing_throttled_response_spec.rb
+- spec/acceptance/allow2ban_spec.rb
+- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
+- spec/acceptance/cache_store_config_with_rails_spec.rb
+- spec/acceptance/extending_request_object_spec.rb
 - spec/acceptance/safelisting_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/allow2ban_spec.rb

data/spec/rack_attack_store_config_spec.rb

@@ -1,20 +0,0 @@
-require_relative 'spec_helper'
-
-describe 'Store configuration' do
-  it "gives clear error when store it's not configured if it's needed" do
-    Rack::Attack.throttle('ip/sec', limit: 1, period: 60) { |req| req.ip }
-
-    assert_raises(Rack::Attack::MissingStoreError) do
-      get '/'
-    end
-  end
-
-  it "gives clear error when store isn't configured properly" do
-    Rack::Attack.cache.store = Object.new
-    Rack::Attack.throttle('ip/sec', limit: 1, period: 60) { |req| req.ip }
-
-    assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get '/'
-    end
-  end
-end