rack-attack 6.6.1 → 6.8.0

data/spec/acceptance/safelisting_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "#safelist" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist do |request|
       request.ip == "1.2.3.4"
@@ -38,23 +40,23 @@ describe "#safelist" do
   end
 
   it "notifies when the request is safe" do
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4"
 
     assert_equal 200, last_response.status
-    assert_nil notification_matched
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_nil notification[:request].env["rack.attack.matched"]
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end
 
 describe "#safelist with name" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist("block 1.2.3.4") do |request|
       request.ip == "1.2.3.4"
@@ -90,18 +92,16 @@ describe "#safelist with name" do
   end
 
   it "notifies when the request is safe" do
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4"
 
     assert_equal 200, last_response.status
-    assert_equal "safe path", notification_matched
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal "safe path", notification[:request].env["rack.attack.matched"]
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/safelisting_subnet_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "Safelisting an IP subnet" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist("admin") do |request|
       request.path == "/admin"
@@ -36,15 +38,15 @@ describe "Safelisting an IP subnet" do
   end
 
   it "notifies when the request is safe" do
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/admin", {}, "REMOTE_ADDR" => "5.6.0.0"
 
     assert_equal 200, last_response.status
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/stores/active_support_mem_cache_store_pooled_spec.rb

@@ -4,11 +4,14 @@ require_relative "../../spec_helper"
 
 if defined?(::ConnectionPool) && defined?(::Dalli)
   require_relative "../../support/cache_store_helper"
-  require "timecop"
 
   describe "ActiveSupport::Cache::MemCacheStore (pooled) as a cache backend" do
     before do
-      Rack::Attack.cache.store = ActiveSupport::Cache::MemCacheStore.new(pool_size: 2)
+      Rack::Attack.cache.store = if ActiveSupport.gem_version >= Gem::Version.new("7.2.0")
+                                   ActiveSupport::Cache::MemCacheStore.new(pool: true)
+                                 else
+                                   ActiveSupport::Cache::MemCacheStore.new(pool_size: 2)
+                                 end
     end
 
     after do

data/spec/acceptance/stores/active_support_mem_cache_store_spec.rb

@@ -4,7 +4,6 @@ require_relative "../../spec_helper"
 
 if defined?(::Dalli)
   require_relative "../../support/cache_store_helper"
-  require "timecop"
 
   describe "ActiveSupport::Cache::MemCacheStore as a cache backend" do
     before do

data/spec/acceptance/stores/active_support_memory_store_spec.rb

@@ -3,8 +3,6 @@
 require_relative "../../spec_helper"
 require_relative "../../support/cache_store_helper"
 
-require "timecop"
-
 describe "ActiveSupport::Cache::MemoryStore as a cache backend" do
   before do
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new

data/spec/acceptance/stores/active_support_redis_cache_store_pooled_spec.rb

@@ -10,11 +10,14 @@ should_run =
 
 if should_run
   require_relative "../../support/cache_store_helper"
-  require "timecop"
 
   describe "ActiveSupport::Cache::RedisCacheStore (pooled) as a cache backend" do
     before do
-      Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(pool_size: 2)
+      Rack::Attack.cache.store = if ActiveSupport.gem_version >= Gem::Version.new("7.2.0")
+                                   ActiveSupport::Cache::RedisCacheStore.new(pool: true)
+                                 else
+                                   ActiveSupport::Cache::RedisCacheStore.new(pool_size: 2)
+                                 end
     end
 
     after do

data/spec/acceptance/stores/active_support_redis_cache_store_spec.rb

@@ -9,7 +9,6 @@ should_run =
 
 if should_run
   require_relative "../../support/cache_store_helper"
-  require "timecop"
 
   describe "ActiveSupport::Cache::RedisCacheStore as a cache backend" do
     before do

data/spec/acceptance/stores/connection_pool_dalli_client_spec.rb

@@ -6,7 +6,6 @@ if defined?(::Dalli) && defined?(::ConnectionPool)
   require_relative "../../support/cache_store_helper"
   require "connection_pool"
   require "dalli"
-  require "timecop"
 
   describe "ConnectionPool with Dalli::Client as a cache backend" do
     before do

data/spec/acceptance/stores/dalli_client_spec.rb

@@ -5,7 +5,6 @@ require_relative "../../spec_helper"
 if defined?(::Dalli)
   require_relative "../../support/cache_store_helper"
   require "dalli"
-  require "timecop"
 
   describe "Dalli::Client as a cache backend" do
     before do

data/spec/acceptance/stores/redis_spec.rb

@@ -4,7 +4,6 @@ require_relative "../../spec_helper"
 
 if defined?(::Redis)
   require_relative "../../support/cache_store_helper"
-  require "timecop"
 
   describe "Plain redis as a cache backend" do
     before do

data/spec/acceptance/stores/redis_store_spec.rb

@@ -4,9 +4,7 @@ require_relative "../../spec_helper"
 require_relative "../../support/cache_store_helper"
 
 if defined?(::Redis::Store)
-  require "timecop"
-
-  describe "ActiveSupport::Cache::RedisStore as a cache backend" do
+  describe "Redis::Store as a cache backend" do
     before do
       Rack::Attack.cache.store = ::Redis::Store.new
     end

data/spec/acceptance/throttling_spec.rb

@@ -4,6 +4,8 @@ require_relative "../spec_helper"
 require "timecop"
 
 describe "#throttle" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
   end
@@ -138,42 +140,31 @@ describe "#throttle" do
       request.ip
     end
 
-    notification_matched = nil
-    notification_type = nil
-    notification_data = nil
-    notification_discriminator = nil
-
     ActiveSupport::Notifications.subscribe("throttle.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
-      notification_data = payload[:request].env['rack.attack.match_data']
-      notification_discriminator = payload[:request].env['rack.attack.match_discriminator']
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
     assert_equal 200, last_response.status
-    assert_nil notification_matched
-    assert_nil notification_type
-    assert_nil notification_data
-    assert_nil notification_discriminator
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
     assert_equal 200, last_response.status
-    assert_nil notification_matched
-    assert_nil notification_type
-    assert_nil notification_data
-    assert_nil notification_discriminator
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
     assert_equal 429, last_response.status
-    assert_equal "by ip", notification_matched
-    assert_equal :throttle, notification_type
-    assert_equal 60, notification_data[:period]
-    assert_equal 1, notification_data[:limit]
-    assert_equal 2, notification_data[:count]
-    assert_equal "1.2.3.4", notification_discriminator
+
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal "by ip", notification[:request].env["rack.attack.matched"]
+    assert_equal :throttle, notification[:request].env["rack.attack.match_type"]
+    assert_equal 60, notification[:request].env["rack.attack.match_data"][:period]
+    assert_equal 1, notification[:request].env["rack.attack.match_data"][:limit]
+    assert_equal 2, notification[:request].env["rack.attack.match_data"][:count]
+    assert_equal "1.2.3.4", notification[:request].env["rack.attack.match_discriminator"]
   end
 end

data/spec/acceptance/track_spec.rb

@@ -3,27 +3,26 @@
 require_relative "../spec_helper"
 
 describe "#track" do
+  let(:notifications) { [] }
+
   it "notifies when track block returns true" do
     Rack::Attack.track("ip 1.2.3.4") do |request|
       request.ip == "1.2.3.4"
     end
 
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("track.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert_nil notification_matched
-    assert_nil notification_type
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal "ip 1.2.3.4", notification_matched
-    assert_equal :track, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal "ip 1.2.3.4", notification[:request].env["rack.attack.matched"]
+    assert_equal :track, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/track_throttle_spec.rb

@@ -4,6 +4,8 @@ require_relative "../spec_helper"
 require "timecop"
 
 describe "#track with throttle-ish options" do
+  let(:notifications) { [] }
+
   it "notifies when throttle goes over the limit without actually throttling requests" do
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
 
@@ -11,43 +13,35 @@ describe "#track with throttle-ish options" do
       request.ip
     end
 
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("track.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_nil notification_matched
-    assert_nil notification_type
+    assert notifications.empty?
 
     assert_equal 200, last_response.status
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert_nil notification_matched
-    assert_nil notification_type
+    assert notifications.empty?
 
     assert_equal 200, last_response.status
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal "by ip", notification_matched
-    assert_equal :track, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal "by ip", notification[:request].env["rack.attack.matched"]
+    assert_equal :track, notification[:request].env["rack.attack.match_type"]
 
     assert_equal 200, last_response.status
 
     Timecop.travel(60) do
-      notification_matched = nil
-      notification_type = nil
-
       get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-      assert_nil notification_matched
-      assert_nil notification_type
+      assert notifications.empty?
 
       assert_equal 200, last_response.status
     end

data/spec/configuration_spec.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require_relative "spec_helper"
+
+describe Rack::Attack::Configuration do
+  subject { Rack::Attack::Configuration.new }
+
+  describe 'attributes' do
+    it 'exposes the safelists attribute' do
+      _(subject.safelists).must_equal({})
+    end
+
+    it 'exposes the blocklists attribute' do
+      _(subject.blocklists).must_equal({})
+    end
+
+    it 'exposes the throttles attribute' do
+      _(subject.throttles).must_equal({})
+    end
+
+    it 'exposes the tracks attribute' do
+      _(subject.tracks).must_equal({})
+    end
+
+    it 'exposes the anonymous_blocklists attribute' do
+      _(subject.anonymous_blocklists).must_equal([])
+    end
+
+    it 'exposes the anonymous_safelists attribute' do
+      _(subject.anonymous_safelists).must_equal([])
+    end
+  end
+end

data/spec/integration/offline_spec.rb

@@ -21,18 +21,6 @@ OfflineExamples = Minitest::SharedExamples.new do
   end
 end
 
-if defined?(::ActiveSupport::Cache::RedisStore)
-  describe 'when Redis is offline' do
-    include OfflineExamples
-
-    before do
-      @cache = Rack::Attack::Cache.new
-      # Use presumably unused port for Redis client
-      @cache.store = ActiveSupport::Cache::RedisStore.new(host: '127.0.0.1', port: 3333)
-    end
-  end
-end
-
 if defined?(Redis) && defined?(ActiveSupport::Cache::RedisCacheStore) && Redis::VERSION >= '4'
   describe 'when Redis is offline' do
     include OfflineExamples

data/spec/rack_attack_instrumentation_spec.rb

@@ -1,42 +1,39 @@
 # frozen_string_literal: true
 
 require_relative "spec_helper"
+require 'active_support'
+require 'active_support/subscriber'
 
-# ActiveSupport::Subscribers added in ~> 4.0.2.0
-if ActiveSupport::VERSION::MAJOR > 3
-  require_relative 'spec_helper'
-  require 'active_support/subscriber'
-  class CustomSubscriber < ActiveSupport::Subscriber
-    @notification_count = 0
+class CustomSubscriber < ActiveSupport::Subscriber
+  @notification_count = 0
 
-    class << self
-      attr_accessor :notification_count
-    end
+  class << self
+    attr_accessor :notification_count
+  end
 
-    def throttle(_event)
-      self.class.notification_count += 1
-    end
+  def throttle(_event)
+    self.class.notification_count += 1
   end
+end
 
-  describe 'Rack::Attack.instrument' do
-    before do
-      @period = 60 # Use a long period; failures due to cache key rotation less likely
-      Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-      Rack::Attack.throttle('ip/sec', limit: 1, period: @period) { |req| req.ip }
-    end
+describe 'Rack::Attack.instrument' do
+  before do
+    @period = 60 # Use a long period; failures due to cache key rotation less likely
+    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+    Rack::Attack.throttle('ip/sec', limit: 1, period: @period) { |req| req.ip }
+  end
 
-    describe "with throttling" do
-      before do
-        ActiveSupport::Notifications.stub(:notifier, ActiveSupport::Notifications::Fanout.new) do
-          CustomSubscriber.attach_to("rack_attack")
-          2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
-        end
+  describe "with throttling" do
+    before do
+      ActiveSupport::Notifications.stub(:notifier, ActiveSupport::Notifications::Fanout.new) do
+        CustomSubscriber.attach_to("rack_attack")
+        2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
       end
+    end
 
-      it 'should instrument without error' do
-        _(last_response.status).must_equal 429
-        assert_equal 1, CustomSubscriber.notification_count
-      end
+    it 'should instrument without error' do
+      _(last_response.status).must_equal 429
+      assert_equal 1, CustomSubscriber.notification_count
     end
   end
 end

data/spec/rack_attack_request_spec.rb

@@ -5,10 +5,8 @@ require_relative 'spec_helper'
 describe 'Rack::Attack' do
   describe 'helpers' do
     before do
-      class Rack::Attack::Request
-        def remote_ip
-          ip
-        end
+      Rack::Attack::Request.define_method :remote_ip do
+        ip
       end
 
       Rack::Attack.safelist('valid IP') do |req|

data/spec/rack_attack_reset_spec.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require_relative "spec_helper"
+
+describe "Rack::Attack.reset!" do
+  it "raises an error when is not supported by cache store" do
+    Rack::Attack.cache.store = Class.new
+    assert_raises(Rack::Attack::IncompatibleStoreError) do
+      Rack::Attack.reset!
+    end
+  end
+
+  if defined?(Redis)
+    it "should delete rack attack keys" do
+      redis = Redis.new
+      redis.set("key", "value")
+      redis.set("#{Rack::Attack.cache.prefix}::key", "value")
+      Rack::Attack.cache.store = redis
+      Rack::Attack.reset!
+
+      _(redis.get("key")).must_equal "value"
+      _(redis.get("#{Rack::Attack.cache.prefix}::key")).must_be_nil
+    end
+  end
+
+  if defined?(Redis::Store)
+    it "should delete rack attack keys" do
+      redis_store = Redis::Store.new
+      redis_store.set("key", "value")
+      redis_store.set("#{Rack::Attack.cache.prefix}::key", "value")
+      Rack::Attack.cache.store = redis_store
+      Rack::Attack.reset!
+
+      _(redis_store.get("key")).must_equal "value"
+      _(redis_store.get("#{Rack::Attack.cache.prefix}::key")).must_be_nil
+    end
+  end
+
+  if defined?(Redis) && defined?(ActiveSupport::Cache::RedisCacheStore)
+    it "should delete rack attack keys" do
+      redis_cache_store = ActiveSupport::Cache::RedisCacheStore.new
+      redis_cache_store.write("key", "value")
+      redis_cache_store.write("#{Rack::Attack.cache.prefix}::key", "value")
+      Rack::Attack.cache.store = redis_cache_store
+      Rack::Attack.reset!
+
+      _(redis_cache_store.read("key")).must_equal "value"
+      _(redis_cache_store.read("#{Rack::Attack.cache.prefix}::key")).must_be_nil
+    end
+
+    describe "with a namespaced cache" do
+      it "should delete rack attack keys" do
+        redis_cache_store = ActiveSupport::Cache::RedisCacheStore.new(namespace: "ns")
+        redis_cache_store.write("key", "value")
+        redis_cache_store.write("#{Rack::Attack.cache.prefix}::key", "value")
+        Rack::Attack.cache.store = redis_cache_store
+        Rack::Attack.reset!
+
+        _(redis_cache_store.read("key")).must_equal "value"
+        _(redis_cache_store.read("#{Rack::Attack.cache.prefix}::key")).must_be_nil
+      end
+    end
+  end
+
+  if defined?(ActiveSupport::Cache::MemoryStore)
+    it "should delete rack attack keys" do
+      memory_store = ActiveSupport::Cache::MemoryStore.new
+      memory_store.write("key", "value")
+      memory_store.write("#{Rack::Attack.cache.prefix}::key", "value")
+      Rack::Attack.cache.store = memory_store
+      Rack::Attack.reset!
+
+      _(memory_store.read("key")).must_equal "value"
+      _(memory_store.read("#{Rack::Attack.cache.prefix}::key")).must_be_nil
+    end
+
+    describe "with a namespaced cache" do
+      it "should delete rack attack keys" do
+        memory_store = ActiveSupport::Cache::MemoryStore.new(namespace: "ns")
+        memory_store.write("key", "value")
+        memory_store.write("#{Rack::Attack.cache.prefix}::key", "value")
+        Rack::Attack.cache.store = memory_store
+        Rack::Attack.reset!
+
+        _(memory_store.read("key")).must_equal "value"
+        _(memory_store.read("#{Rack::Attack.cache.prefix}::key")).must_be_nil
+      end
+    end
+  end
+end

data/spec/rack_attack_spec.rb

@@ -11,6 +11,10 @@ describe 'Rack::Attack' do
     end
 
     it 'blocks requests with trailing slash' do
+      if Rack::Attack::PathNormalizer == Rack::Attack::FallbackPathNormalizer
+        skip "Normalization is only present on Rails"
+      end
+
       get '/foo/'
       _(last_response.status).must_equal 403
     end
@@ -99,26 +103,4 @@ describe 'Rack::Attack' do
       end
     end
   end
-
-  describe 'reset!' do
-    it 'raises an error when is not supported by cache store' do
-      Rack::Attack.cache.store = Class.new
-      assert_raises(Rack::Attack::IncompatibleStoreError) do
-        Rack::Attack.reset!
-      end
-    end
-
-    if defined?(Redis)
-      it 'should delete rack attack keys' do
-        redis = Redis.new
-        redis.set('key', 'value')
-        redis.set("#{Rack::Attack.cache.prefix}::key", 'value')
-        Rack::Attack.cache.store = redis
-        Rack::Attack.reset!
-
-        _(redis.get('key')).must_equal 'value'
-        _(redis.get("#{Rack::Attack.cache.prefix}::key")).must_be_nil
-      end
-    end
-  end
 end