rack-attack 5.4.1 → 6.2.1

data/spec/rack_attack_track_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'spec_helper'
 
 describe 'Rack::Attack.track' do
@@ -23,8 +25,9 @@ describe 'Rack::Attack.track' do
 
   it "should tag the env" do
     get '/'
-    last_request.env['rack.attack.matched'].must_equal 'everything'
-    last_request.env['rack.attack.match_type'].must_equal :track
+
+    _(last_request.env['rack.attack.matched']).must_equal 'everything'
+    _(last_request.env['rack.attack.match_type']).must_equal :track
   end
 
   describe "with a notification subscriber and two tracks" do
@@ -33,7 +36,7 @@ describe 'Rack::Attack.track' do
       # A second track
       Rack::Attack.track("homepage") { |req| req.path == "/" }
 
-      ActiveSupport::Notifications.subscribe("rack.attack") do |*_args|
+      ActiveSupport::Notifications.subscribe("track.rack_attack") do |*_args|
         Counter.incr
       end
 
@@ -41,21 +44,23 @@ describe 'Rack::Attack.track' do
     end
 
     it "should notify twice" do
-      Counter.check.must_equal 2
+      _(Counter.check).must_equal 2
     end
   end
 
   describe "without limit and period options" do
     it "should assign the track filter to a Check instance" do
       track = Rack::Attack.track("homepage") { |req| req.path == "/" }
-      track.filter.class.must_equal Rack::Attack::Check
+
+      _(track.filter.class).must_equal Rack::Attack::Check
     end
   end
 
   describe "with limit and period options" do
     it "should assign the track filter to a Throttle instance" do
-      track = Rack::Attack.track("homepage", :limit => 10, :period => 10) { |req| req.path == "/" }
-      track.filter.class.must_equal Rack::Attack::Throttle
+      track = Rack::Attack.track("homepage", limit: 10, period: 10) { |req| req.path == "/" }
+
+      _(track.filter.class).must_equal Rack::Attack::Throttle
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
+
 require "bundler/setup"
 
 require "minitest/autorun"
 require "minitest/pride"
 require "rack/test"
-require 'active_support'
-require 'action_dispatch'
+require "rails"
 
 require "rack/attack"
 
@@ -13,10 +14,9 @@ if RUBY_ENGINE == "ruby"
 end
 
 def safe_require(name)
-  begin
-    require name
-  rescue LoadError
-  end
+  require name
+rescue LoadError
+  nil
 end
 
 safe_require "connection_pool"
@@ -29,6 +29,7 @@ class MiniTest::Spec
   include Rack::Test::Methods
 
   before do
+    Rails.cache = nil
     @_original_throttled_response = Rack::Attack.throttled_response
     @_original_blocklisted_response = Rack::Attack.blocklisted_response
   end
@@ -45,6 +46,8 @@ class MiniTest::Spec
     Rack::Builder.new do
       # Use Rack::Lint to test that rack-attack is complying with the rack spec
       use Rack::Lint
+      # Intentionally added twice to test idempotence property
+      use Rack::Attack
       use Rack::Attack
       use Rack::Lint
 
@@ -55,8 +58,9 @@ class MiniTest::Spec
   def self.it_allows_ok_requests
     it "must allow ok requests" do
       get '/', {}, 'REMOTE_ADDR' => '127.0.0.1'
-      last_response.status.must_equal 200
-      last_response.body.must_equal 'Hello World'
+
+      _(last_response.status).must_equal 200
+      _(last_response.body).must_equal 'Hello World'
     end
   end
 end

data/spec/support/cache_store_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Minitest::Spec
   def self.it_works_for_cache_backed_features(options)
     fetch_from_store = options.fetch(:fetch_from_store)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 5.4.1
+  version: 6.2.1
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-29 00:00:00.000000000 Z
+date: 2019-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -48,16 +48,22 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.17'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -106,84 +112,90 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.58.2
+        version: 0.75.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.58.2
+        version: 0.75.0
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: 1.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 0.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 0.9.1
 - !ruby/object:Gem::Dependency
-  name: actionpack
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '11.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '11.0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -200,11 +212,12 @@ files:
 - lib/rack/attack/check.rb
 - lib/rack/attack/fail2ban.rb
 - lib/rack/attack/path_normalizer.rb
+- lib/rack/attack/railtie.rb
 - lib/rack/attack/request.rb
 - lib/rack/attack/safelist.rb
 - lib/rack/attack/store_proxy.rb
+- lib/rack/attack/store_proxy/active_support_redis_store_proxy.rb
 - lib/rack/attack/store_proxy/dalli_proxy.rb
-- lib/rack/attack/store_proxy/mem_cache_proxy.rb
 - lib/rack/attack/store_proxy/mem_cache_store_proxy.rb
 - lib/rack/attack/store_proxy/redis_cache_store_proxy.rb
 - lib/rack/attack/store_proxy/redis_proxy.rb
@@ -224,6 +237,7 @@ files:
 - spec/acceptance/customizing_throttled_response_spec.rb
 - spec/acceptance/extending_request_object_spec.rb
 - spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/rails_middleware_spec.rb
 - spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/safelisting_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
@@ -245,6 +259,7 @@ files:
 - spec/fail2ban_spec.rb
 - spec/integration/offline_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
+- spec/rack_attack_instrumentation_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
@@ -268,15 +283,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Block & throttle abusive requests
@@ -284,6 +298,7 @@ test_files:
 - spec/integration/offline_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
+- spec/acceptance/rails_middleware_spec.rb
 - spec/acceptance/track_throttle_spec.rb
 - spec/acceptance/cache_store_config_for_fail2ban_spec.rb
 - spec/acceptance/cache_store_config_with_rails_spec.rb
@@ -314,6 +329,7 @@ test_files:
 - spec/acceptance/customizing_blocked_response_spec.rb
 - spec/spec_helper.rb
 - spec/allow2ban_spec.rb
+- spec/rack_attack_instrumentation_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
 - spec/rack_attack_spec.rb
 - spec/rack_attack_throttle_spec.rb

data/lib/rack/attack/store_proxy/mem_cache_proxy.rb

@@ -1,50 +0,0 @@
-module Rack
-  class Attack
-    module StoreProxy
-      class MemCacheProxy < SimpleDelegator
-        def self.handle?(store)
-          defined?(::MemCache) && store.is_a?(::MemCache)
-        end
-
-        def initialize(store)
-          super(store)
-          stub_with_if_missing
-        end
-
-        def read(key)
-          # Second argument: reading raw value
-          get(key, true)
-        rescue MemCache::MemCacheError
-        end
-
-        def write(key, value, options = {})
-          # Third argument: writing raw value
-          set(key, value, options.fetch(:expires_in, 0), true)
-        rescue MemCache::MemCacheError
-        end
-
-        def increment(key, amount, _options = {})
-          incr(key, amount)
-        rescue MemCache::MemCacheError
-        end
-
-        def delete(key, _options = {})
-          with do |client|
-            client.delete(key)
-          end
-        rescue MemCache::MemCacheError
-        end
-
-        private
-
-        def stub_with_if_missing
-          unless __getobj__.respond_to?(:with)
-            class << self
-              def with; yield __getobj__; end
-            end
-          end
-        end
-      end
-    end
-  end
-end