rack-attack 6.0.0 → 6.3.0

data/spec/fail2ban_spec.rb

@@ -20,7 +20,7 @@ describe 'Rack::Attack.Fail2Ban' do
     describe 'making ok request' do
       it 'succeeds' do
         get '/', {}, 'REMOTE_ADDR' => '1.2.3.4'
-        last_response.status.must_equal 200
+        _(last_response.status).must_equal 200
       end
     end
 
@@ -29,17 +29,17 @@ describe 'Rack::Attack.Fail2Ban' do
         before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
 
         it 'fails' do
-          last_response.status.must_equal 403
+          _(last_response.status).must_equal 403
         end
 
         it 'increases fail count' do
           key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
-          @cache.store.read(key).must_equal 1
+          _(@cache.store.read(key)).must_equal 1
         end
 
         it 'is not banned' do
           key = "rack::attack:fail2ban:1.2.3.4"
-          @cache.store.read(key).must_be_nil
+          _(@cache.store.read(key)).must_be_nil
         end
       end
 
@@ -51,17 +51,17 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'fails' do
-          last_response.status.must_equal 403
+          _(last_response.status).must_equal 403
         end
 
         it 'increases fail count' do
           key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
-          @cache.store.read(key).must_equal 2
+          _(@cache.store.read(key)).must_equal 2
         end
 
         it 'is banned' do
           key = "rack::attack:fail2ban:ban:1.2.3.4"
-          @cache.store.read(key).must_equal 1
+          _(@cache.store.read(key)).must_equal 1
         end
       end
 
@@ -73,7 +73,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'succeeds' do
-          last_response.status.must_equal 200
+          _(last_response.status).must_equal 200
         end
 
         it 'resets fail count' do
@@ -82,7 +82,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'IP is not banned' do
-          Rack::Attack::Fail2Ban.banned?('1.2.3.4').must_equal false
+          _(Rack::Attack::Fail2Ban.banned?('1.2.3.4')).must_equal false
         end
       end
     end
@@ -98,7 +98,8 @@ describe 'Rack::Attack.Fail2Ban' do
     describe 'making request for other discriminator' do
       it 'succeeds' do
         get '/', {}, 'REMOTE_ADDR' => '2.2.3.4'
-        last_response.status.must_equal 200
+
+        _(last_response.status).must_equal 200
       end
     end
 
@@ -108,17 +109,17 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 403
+        _(last_response.status).must_equal 403
       end
 
       it 'does not increase fail count' do
         key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
-        @cache.store.read(key).must_equal 2
+        _(@cache.store.read(key)).must_equal 2
       end
 
       it 'is still banned' do
         key = "rack::attack:fail2ban:ban:1.2.3.4"
-        @cache.store.read(key).must_equal 1
+        _(@cache.store.read(key)).must_equal 1
       end
     end
 
@@ -128,17 +129,17 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 403
+        _(last_response.status).must_equal 403
       end
 
       it 'does not increase fail count' do
         key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
-        @cache.store.read(key).must_equal 2
+        _(@cache.store.read(key)).must_equal 2
       end
 
       it 'is still banned' do
         key = "rack::attack:fail2ban:ban:1.2.3.4"
-        @cache.store.read(key).must_equal 1
+        _(@cache.store.read(key)).must_equal 1
       end
     end
   end

data/spec/integration/offline_spec.rb

@@ -13,7 +13,11 @@ OfflineExamples = Minitest::SharedExamples.new do
   end
 
   it 'should count' do
-    @cache.send(:do_count, 'rack::attack::cache-test-key', 1)
+    @cache.count('cache-test-key', 1)
+  end
+
+  it 'should delete' do
+    @cache.delete('cache-test-key')
   end
 end
 
@@ -29,6 +33,18 @@ if defined?(::ActiveSupport::Cache::RedisStore)
   end
 end
 
+if defined?(Redis) && defined?(ActiveSupport::Cache::RedisCacheStore) && Redis::VERSION >= '4'
+  describe 'when Redis is offline' do
+    include OfflineExamples
+
+    before do
+      @cache = Rack::Attack::Cache.new
+      # Use presumably unused port for Redis client
+      @cache.store = ActiveSupport::Cache::RedisCacheStore.new(host: '127.0.0.1', port: 3333)
+    end
+  end
+end
+
 if defined?(::Dalli)
   describe 'when Memcached is offline' do
     include OfflineExamples
@@ -45,3 +61,32 @@ if defined?(::Dalli)
     end
   end
 end
+
+if defined?(::Dalli) && defined?(::ActiveSupport::Cache::MemCacheStore)
+  describe 'when Memcached is offline' do
+    include OfflineExamples
+
+    before do
+      Dalli.logger.level = Logger::FATAL
+
+      @cache = Rack::Attack::Cache.new
+      @cache.store = ActiveSupport::Cache::MemCacheStore.new('127.0.0.1:22122')
+    end
+
+    after do
+      Dalli.logger.level = Logger::INFO
+    end
+  end
+end
+
+if defined?(Redis)
+  describe 'when Redis is offline' do
+    include OfflineExamples
+
+    before do
+      @cache = Rack::Attack::Cache.new
+      # Use presumably unused port for Redis client
+      @cache.store = Redis.new(host: '127.0.0.1', port: 3333)
+    end
+  end
+end

data/spec/rack_attack_instrumentation_spec.rb

@@ -34,7 +34,7 @@ if ActiveSupport::VERSION::MAJOR > 3
       end
 
       it 'should instrument without error' do
-        last_response.status.must_equal 429
+        _(last_response.status).must_equal 429
         assert_equal 1, CustomSubscriber.notification_count
       end
     end

data/spec/rack_attack_path_normalizer_spec.rb

@@ -6,14 +6,14 @@ describe Rack::Attack::PathNormalizer do
   subject { Rack::Attack::PathNormalizer }
 
   it 'should have a normalize_path method' do
-    subject.normalize_path('/foo').must_equal '/foo'
+    _(subject.normalize_path('/foo')).must_equal '/foo'
   end
 
   describe 'FallbackNormalizer' do
     subject { Rack::Attack::FallbackPathNormalizer }
 
     it '#normalize_path does not change the path' do
-      subject.normalize_path('').must_equal ''
+      _(subject.normalize_path('')).must_equal ''
     end
   end
 end

data/spec/rack_attack_spec.rb

@@ -12,7 +12,7 @@ describe 'Rack::Attack' do
 
     it 'blocks requests with trailing slash' do
       get '/foo/'
-      last_response.status.must_equal 403
+      _(last_response.status).must_equal 403
     end
   end
 
@@ -22,21 +22,21 @@ describe 'Rack::Attack' do
       Rack::Attack.blocklist("ip #{@bad_ip}") { |req| req.ip == @bad_ip }
     end
 
-    it('has a blocklist') {
-      Rack::Attack.blocklists.key?("ip #{@bad_ip}").must_equal true
-    }
+    it 'has a blocklist' do
+      _(Rack::Attack.blocklists.key?("ip #{@bad_ip}")).must_equal true
+    end
 
     describe "a bad request" do
       before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
 
       it "should return a blocklist response" do
-        last_response.status.must_equal 403
-        last_response.body.must_equal "Forbidden\n"
+        _(last_response.status).must_equal 403
+        _(last_response.body).must_equal "Forbidden\n"
       end
 
       it "should tag the env" do
-        last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"
-        last_request.env['rack.attack.match_type'].must_equal :blocklist
+        _(last_request.env['rack.attack.matched']).must_equal "ip #{@bad_ip}"
+        _(last_request.env['rack.attack.match_type']).must_equal :blocklist
       end
 
       it_allows_ok_requests
@@ -54,25 +54,70 @@ describe 'Rack::Attack' do
         before { get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua }
 
         it "should allow safelists before blocklists" do
-          last_response.status.must_equal 200
+          _(last_response.status).must_equal 200
         end
 
         it "should tag the env" do
-          last_request.env['rack.attack.matched'].must_equal 'good ua'
-          last_request.env['rack.attack.match_type'].must_equal :safelist
+          _(last_request.env['rack.attack.matched']).must_equal 'good ua'
+          _(last_request.env['rack.attack.match_type']).must_equal :safelist
         end
       end
     end
 
     describe '#blocklisted_response' do
       it 'should exist' do
-        Rack::Attack.blocklisted_response.must_respond_to :call
+        _(Rack::Attack.blocklisted_response).must_respond_to :call
       end
     end
 
     describe '#throttled_response' do
       it 'should exist' do
-        Rack::Attack.throttled_response.must_respond_to :call
+        _(Rack::Attack.throttled_response).must_respond_to :call
+      end
+    end
+  end
+
+  describe 'enabled' do
+    it 'should be enabled by default' do
+      _(Rack::Attack.enabled).must_equal true
+    end
+
+    it 'should directly pass request when disabled' do
+      bad_ip = '1.2.3.4'
+      Rack::Attack.blocklist("ip #{bad_ip}") { |req| req.ip == bad_ip }
+
+      get '/', {}, 'REMOTE_ADDR' => bad_ip
+      _(last_response.status).must_equal 403
+
+      prev_enabled = Rack::Attack.enabled
+      begin
+        Rack::Attack.enabled = false
+        get '/', {}, 'REMOTE_ADDR' => bad_ip
+        _(last_response.status).must_equal 200
+      ensure
+        Rack::Attack.enabled = prev_enabled
+      end
+    end
+  end
+
+  describe 'reset!' do
+    it 'raises an error when is not supported by cache store' do
+      Rack::Attack.cache.store = Class.new
+      assert_raises(Rack::Attack::IncompatibleStoreError) do
+        Rack::Attack.reset!
+      end
+    end
+
+    if defined?(Redis)
+      it 'should delete rack attack keys' do
+        redis = Redis.new
+        redis.set('key', 'value')
+        redis.set("#{Rack::Attack.cache.prefix}::key", 'value')
+        Rack::Attack.cache.store = redis
+        Rack::Attack.reset!
+
+        _(redis.get('key')).must_equal 'value'
+        _(redis.get("#{Rack::Attack.cache.prefix}::key")).must_be_nil
       end
     end
   end

data/spec/rack_attack_throttle_spec.rb

@@ -18,12 +18,19 @@ describe 'Rack::Attack.throttle' do
 
     it 'should set the counter for one request' do
       key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
-      Rack::Attack.cache.store.read(key).must_equal 1
+      _(Rack::Attack.cache.store.read(key)).must_equal 1
     end
 
     it 'should populate throttle data' do
-      data = { count: 1, limit: 1, period: @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i }
-      last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
+      data = {
+        count: 1,
+        limit: 1,
+        period: @period,
+        epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
+        discriminator: "1.2.3.4"
+      }
+
+      _(last_request.env['rack.attack.throttle_data']['ip/sec']).must_equal data
     end
   end
 
@@ -33,18 +40,22 @@ describe 'Rack::Attack.throttle' do
     end
 
     it 'should block the last request' do
-      last_response.status.must_equal 429
+      _(last_response.status).must_equal 429
     end
 
     it 'should tag the env' do
-      last_request.env['rack.attack.matched'].must_equal 'ip/sec'
-      last_request.env['rack.attack.match_type'].must_equal :throttle
-      last_request.env['rack.attack.match_data'].must_equal(count: 2, limit: 1, period: @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i)
-      last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4')
-    end
-
-    it 'should set a Retry-After header' do
-      last_response.headers['Retry-After'].must_equal @period.to_s
+      _(last_request.env['rack.attack.matched']).must_equal 'ip/sec'
+      _(last_request.env['rack.attack.match_type']).must_equal :throttle
+
+      _(last_request.env['rack.attack.match_data']).must_equal(
+        count: 2,
+        limit: 1,
+        period: @period,
+        epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
+        discriminator: "1.2.3.4"
+      )
+
+      _(last_request.env['rack.attack.match_discriminator']).must_equal('1.2.3.4')
     end
   end
 end
@@ -63,12 +74,19 @@ describe 'Rack::Attack.throttle with limit as proc' do
 
     it 'should set the counter for one request' do
       key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
-      Rack::Attack.cache.store.read(key).must_equal 1
+      _(Rack::Attack.cache.store.read(key)).must_equal 1
     end
 
     it 'should populate throttle data' do
-      data = { count: 1, limit: 1, period: @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i }
-      last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
+      data = {
+        count: 1,
+        limit: 1,
+        period: @period,
+        epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
+        discriminator: "1.2.3.4"
+      }
+
+      _(last_request.env['rack.attack.throttle_data']['ip/sec']).must_equal data
     end
   end
 end
@@ -87,12 +105,19 @@ describe 'Rack::Attack.throttle with period as proc' do
 
     it 'should set the counter for one request' do
       key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
-      Rack::Attack.cache.store.read(key).must_equal 1
+      _(Rack::Attack.cache.store.read(key)).must_equal 1
     end
 
     it 'should populate throttle data' do
-      data = { count: 1, limit: 1, period: @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i }
-      last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
+      data = {
+        count: 1,
+        limit: 1,
+        period: @period,
+        epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
+        discriminator: "1.2.3.4"
+      }
+
+      _(last_request.env['rack.attack.throttle_data']['ip/sec']).must_equal data
     end
   end
 end

data/spec/rack_attack_track_spec.rb

@@ -25,8 +25,9 @@ describe 'Rack::Attack.track' do
 
   it "should tag the env" do
     get '/'
-    last_request.env['rack.attack.matched'].must_equal 'everything'
-    last_request.env['rack.attack.match_type'].must_equal :track
+
+    _(last_request.env['rack.attack.matched']).must_equal 'everything'
+    _(last_request.env['rack.attack.match_type']).must_equal :track
   end
 
   describe "with a notification subscriber and two tracks" do
@@ -43,21 +44,23 @@ describe 'Rack::Attack.track' do
     end
 
     it "should notify twice" do
-      Counter.check.must_equal 2
+      _(Counter.check).must_equal 2
     end
   end
 
   describe "without limit and period options" do
     it "should assign the track filter to a Check instance" do
       track = Rack::Attack.track("homepage") { |req| req.path == "/" }
-      track.filter.class.must_equal Rack::Attack::Check
+
+      _(track.filter.class).must_equal Rack::Attack::Check
     end
   end
 
   describe "with limit and period options" do
     it "should assign the track filter to a Throttle instance" do
       track = Rack::Attack.track("homepage", limit: 10, period: 10) { |req| req.path == "/" }
-      track.filter.class.must_equal Rack::Attack::Throttle
+
+      _(track.filter.class).must_equal Rack::Attack::Throttle
     end
   end
 end