rack-attack 2.3.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b294cc1911f079c5df74d5325e01fabd2a207498
-  data.tar.gz: 99306d1db94cfeab978bef7573e1455c0e2cc428
+  metadata.gz: ea9a8662af6ca32da955a04479518cefb8d391f1
+  data.tar.gz: a81aaf8306c6652e177d06ae0c6fd1ecc538e8fb
 SHA512:
-  metadata.gz: 12a543ddffa7cc24893c3ee302071738e8f9e39fe063e9b6610492c41d03ba5179c43bffe50ff182e880fd936a1d970ab9f6a0d6c536c2db77e89b555dd253d2
-  data.tar.gz: b439faf86fd536d941327aa03c0d4e2d344a527857f120e09e0ab0bdec9fbbcef686d716da9c56867d4ca277c20edf7d8313c6c79d7f01c4e09ff0d929092a7a
+  metadata.gz: 400df3037af9a335d07edd5968782300711c018ea01890e90a8802dc2c347a347c75b64c13433b81b8bb7345a87399a4765828ed1206c7c7ac4728c0b41fbb49
+  data.tar.gz: 1a37808e78845769b371341e20bd1c3f018d206b36c64e1b2569aa753375b2aa01460324e5a507579bb621b76ed7fd4e957c13c1809a9c7ac6d9c2d5bbecd097

data/README.md

@@ -18,28 +18,28 @@ See the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hac
 Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to you Gemfile with bundler:
 
 ```ruby
-    # In your Gemfile
-    gem 'rack-attack'
+# In your Gemfile
+gem 'rack-attack'
 ```
 Tell your app to use the Rack::Attack middleware.
 For Rails 3+ apps:
 
 ```ruby
-    # In config/application.rb
-    config.middleware.use Rack::Attack
+# In config/application.rb
+config.middleware.use Rack::Attack
 ```
 
 Or for Rackup files:
 
 ```ruby
-    # In config.ru
-    use Rack::Attack
+# In config.ru
+use Rack::Attack
 ```
 
 Optionally configure the cache store for throttling:
 
 ```ruby
-    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new # defaults to Rails.cache
+Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new # defaults to Rails.cache
 ```
 
 Note that `Rack::Attack.cache` is only used for throttling; not blacklisting & whitelisting. Your cache store must implement `increment` and `write` like [ActiveSupport::Cache::Store](http://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html).
@@ -56,20 +56,20 @@ The Rack::Attack middleware compares each request against *whitelists*, *blackli
 The algorithm is actually more concise in code: See [Rack::Attack.call](https://github.com/kickstarter/rack-attack/blob/master/lib/rack/attack.rb):
 
 ```ruby
-    def call(env)
-      req = Rack::Request.new(env)
-
-      if whitelisted?(req)
-        @app.call(env)
-      elsif blacklisted?(req)
-        blacklisted_response[env]
-      elsif throttled?(req)
-        throttled_response[env]
-      else
-        tracked?(req)
-        @app.call(env)
-      end
-    end
+def call(env)
+  req = Rack::Request.new(env)
+
+  if whitelisted?(req)
+    @app.call(env)
+  elsif blacklisted?(req)
+    blacklisted_response[env]
+  elsif throttled?(req)
+    throttled_response[env]
+  else
+    tracked?(req)
+    @app.call(env)
+  end
+end
 ```
 
 ## About Tracks
@@ -85,27 +85,27 @@ A [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) objec
 ### Whitelists
 
 ```ruby
-    # Always allow requests from localhost
-    # (blacklist & throttles are skipped)
-    Rack::Attack.whitelist('allow from localhost') do |req|
-      # Requests are allowed if the return value is truthy
-      '127.0.0.1' == req.ip
-    end
+# Always allow requests from localhost
+# (blacklist & throttles are skipped)
+Rack::Attack.whitelist('allow from localhost') do |req|
+  # Requests are allowed if the return value is truthy
+  '127.0.0.1' == req.ip
+end
 ```
 
 ### Blacklists
 
 ```ruby
-    # Block requests from 1.2.3.4
-    Rack::Attack.blacklist('block 1.2.3.4') do |req|
-      # Request are blocked if the return value is truthy
-      '1.2.3.4' == req.ip
-    end
-
-    # Block logins from a bad user agent
-    Rack::Attack.blacklist('block bad UA logins') do |req|
-      req.path == '/login' && req.post? && req.user_agent == 'BadUA'
-    end
+# Block requests from 1.2.3.4
+Rack::Attack.blacklist('block 1.2.3.4') do |req|
+  # Request are blocked if the return value is truthy
+  '1.2.3.4' == req.ip
+end
+
+# Block logins from a bad user agent
+Rack::Attack.blacklist('block bad UA logins') do |req|
+  req.path == '/login' && req.post? && req.user_agent == 'BadUA'
+end
 ```
 
 #### Fail2Ban
@@ -116,79 +116,79 @@ See the [fail2ban documentation](http://www.fail2ban.org/wiki/index.php/MANUAL_0
 how the parameters work.
 
 ```ruby
-    # Block requests containing '/etc/password' in the params.
-    # After 3 blocked requests in 10 minutes, block all requests from that IP for 5 minutes.
-    Rack::Attack.blacklist('fail2ban pentesters') do |req|
-      # `filter` returns truthy value if request fails, or if it's from a previously banned IP
-      # so the request is blocked
-      Rack::Attack::Fail2Ban.filter(req.ip, :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do
-        # The count for the IP is incremented if the return value is truthy.
-        CGI.unescape(req.query_string) =~ %r{/etc/passwd}
-      end
-    end
+# Block requests containing '/etc/password' in the params.
+# After 3 blocked requests in 10 minutes, block all requests from that IP for 5 minutes.
+Rack::Attack.blacklist('fail2ban pentesters') do |req|
+  # `filter` returns truthy value if request fails, or if it's from a previously banned IP
+  # so the request is blocked
+  Rack::Attack::Fail2Ban.filter(req.ip, :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do
+    # The count for the IP is incremented if the return value is truthy.
+    CGI.unescape(req.query_string) =~ %r{/etc/passwd}
+  end
+end
 ```
 
 #### Allow2Ban
 `Allow2Ban.filter` works the same way as the `Fail2Ban.filter` except that it *allows* requests from misbehaving
 clients until such time as they reach maxretry at which they are cut off as per normal.
 ```ruby
-    # Lockout IP addresses that are hammering your login page.
-    # After 20 requests in 1 minute, block all requests from that IP for 1 hour.
-    Rack::Attack.blacklist('allow2ban login scrapers') do |req|
-      # `filter` returns false value if request is to your login page (but still
-      # increments the count) so request below the limit are not blocked until
-      # they hit the limit.  At that point, filter will return true and block.
-      Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 20, :findtime => 1.minute, :bantime => 1.hour) do
-        # The count for the IP is incremented if the return value is truthy.
-        req.path = '/login' and req.method == 'post'
-      end
-    end
+# Lockout IP addresses that are hammering your login page.
+# After 20 requests in 1 minute, block all requests from that IP for 1 hour.
+Rack::Attack.blacklist('allow2ban login scrapers') do |req|
+  # `filter` returns false value if request is to your login page (but still
+  # increments the count) so request below the limit are not blocked until
+  # they hit the limit.  At that point, filter will return true and block.
+  Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 20, :findtime => 1.minute, :bantime => 1.hour) do
+    # The count for the IP is incremented if the return value is truthy.
+    req.path == '/login' and req.post?
+  end
+end
 ```
 
 
 ### Throttles
 
 ```ruby
-    # Throttle requests to 5 requests per second per ip
-    Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req|
-      # If the return value is truthy, the cache key for the return value
-      # is incremented and compared with the limit. In this case:
-      #   "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
-      #
-      # If falsy, the cache key is neither incremented nor checked.
-
-      req.ip
-    end
-
-    # Throttle login attempts for a given email parameter to 6 reqs/minute
-    # Return the email as a discriminator on POST /login requests
-    Rack::Attack.throttle('logins/email', :limit => 6, :period => 60.seconds) do |req|
-      req.params['email'] if req.path == '/login' && req.post?
-    end
-
-    # You can also set a limit using a proc instead of a number. For
-    # instance, after Rack::Auth::Basic has authenticated the user:
-    limit_based_on_proc = proc {|req| req.env["REMOTE_USER"] == "admin" ? 100 : 1}
-    Rack::Attack.throttle('req/ip', :limit => limit_based_on_proc, :period => 1.second) do |req|
-      req.ip
-    end
+# Throttle requests to 5 requests per second per ip
+Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req|
+  # If the return value is truthy, the cache key for the return value
+  # is incremented and compared with the limit. In this case:
+  #   "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
+  #
+  # If falsy, the cache key is neither incremented nor checked.
+
+  req.ip
+end
+
+# Throttle login attempts for a given email parameter to 6 reqs/minute
+# Return the email as a discriminator on POST /login requests
+Rack::Attack.throttle('logins/email', :limit => 6, :period => 60.seconds) do |req|
+  req.params['email'] if req.path == '/login' && req.post?
+end
+
+# You can also set a limit using a proc instead of a number. For
+# instance, after Rack::Auth::Basic has authenticated the user:
+limit_based_on_proc = proc {|req| req.env["REMOTE_USER"] == "admin" ? 100 : 1}
+Rack::Attack.throttle('req/ip', :limit => limit_based_on_proc, :period => 1.second) do |req|
+  req.ip
+end
 ```
 
 ### Tracks
 
 ```ruby
-    # Track requests from a special user agent
-    Rack::Attack.track("special_agent") do |req|
-      req.user_agent == "SpecialAgent"
-    end
-
-    # Track it using ActiveSupport::Notification
-    ActiveSupport::Notifications.subscribe("rack.attack") do |name, start, finish, request_id, req|
-      if req.env['rack.attack.matched'] == "special_agent" && req.env['rack.attack.match_type'] == :track
-        Rails.logger.info "special_agent: #{req.path}"
-        STATSD.increment("special_agent")
-      end
-    end
+# Track requests from a special user agent
+Rack::Attack.track("special_agent") do |req|
+  req.user_agent == "SpecialAgent"
+end
+
+# Track it using ActiveSupport::Notification
+ActiveSupport::Notifications.subscribe("rack.attack") do |name, start, finish, request_id, req|
+  if req.env['rack.attack.matched'] == "special_agent" && req.env['rack.attack.match_type'] == :track
+    Rails.logger.info "special_agent: #{req.path}"
+    STATSD.increment("special_agent")
+  end
+end
 ```
 
 ## Responses
@@ -196,30 +196,30 @@ clients until such time as they reach maxretry at which they are cut off as per
 Customize the response of blacklisted and throttled requests using an object that adheres to the [Rack app interface](http://rack.rubyforge.org/doc/SPEC.html).
 
 ```ruby
-    Rack::Attack.blacklisted_response = lambda do |env|
-      # Using 503 because it may make attacker think that they have successfully
-      # DOSed the site. Rack::Attack returns 401 for blacklists by default
-      [ 503, {}, ['Blocked']]
-    end
-
-    Rack::Attack.throttled_response = lambda do |env|
-      # name and other data about the matched throttle
-      body = [
-        env['rack.attack.matched'],
-        env['rack.attack.match_type'],
-        env['rack.attack.match_data']
-      ].inspect
-
-      # Using 503 because it may make attacker think that they have successfully
-      # DOSed the site. Rack::Attack returns 429 for throttling by default
-      [ 503, {}, [body]]
-    end
+Rack::Attack.blacklisted_response = lambda do |env|
+  # Using 503 because it may make attacker think that they have successfully
+  # DOSed the site. Rack::Attack returns 403 for blacklists by default
+  [ 503, {}, ['Blocked']]
+end
+
+Rack::Attack.throttled_response = lambda do |env|
+  # name and other data about the matched throttle
+  body = [
+    env['rack.attack.matched'],
+    env['rack.attack.match_type'],
+    env['rack.attack.match_data']
+  ].inspect
+
+  # Using 503 because it may make attacker think that they have successfully
+  # DOSed the site. Rack::Attack returns 429 for throttling by default
+  [ 503, {}, [body]]
+end
 ```
 
 For responses that did not exceed a throttle limit, Rack::Attack annotates the env with match data:
 
 ```ruby
-    request.env['rack.attack.throttle_data'][name] # => { :count => n, :period => p, :limit => l }
+request.env['rack.attack.throttle_data'][name] # => { :count => n, :period => p, :limit => l }
 ```
 
 ## Logging & Instrumentation
@@ -229,9 +229,9 @@ Rack::Attack uses the [ActiveSupport::Notifications](http://api.rubyonrails.org/
 You can subscribe to 'rack.attack' events and log it, graph it, etc:
 
 ```ruby
-    ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
-      puts req.inspect
-    end
+ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
+  puts req.inspect
+end
 ```
 
 ## Testing
@@ -250,7 +250,7 @@ so try to keep the number of throttle checks per request low.
 If a request is blacklisted or throttled, the response is a very simple Rack response.
 A single typical ruby web server thread can block several hundred requests per second.
 
-Rack::Attack complements tools like `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
+Rack::Attack complements tools like `iptables` and nginx's [limit_conn_zone module](http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone).
 
 ## Motivation
 

data/Rakefile

@@ -2,8 +2,17 @@ require "rubygems"
 require "bundler/setup"
 require 'rake/testtask'
 
-Rake::TestTask.new do |t|
-  t.pattern = "spec/*_spec.rb"
+namespace :test do
+  Rake::TestTask.new(:units) do |t|
+    t.pattern = "spec/*_spec.rb"
+  end
+
+  Rake::TestTask.new(:integration) do |t|
+    t.pattern = "spec/integration/*_spec.rb"
+  end
 end
 
+desc 'Run tests'
+task :test => %w[test:units test:integration]
+
 task :default => :test

data/lib/rack/attack.rb

@@ -40,7 +40,7 @@ module Rack::Attack
 
       # Set defaults
       @notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
-      @blacklisted_response ||= lambda {|env| [401, {}, ["Unauthorized\n"]] }
+      @blacklisted_response ||= lambda {|env| [403, {}, ["Forbidden\n"]] }
       @throttled_response   ||= lambda {|env|
         retry_after = env['rack.attack.match_data'][:period] rescue nil
         [429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]

data/lib/rack/attack/store_proxy.rb

@@ -26,6 +26,8 @@ module Rack
 
         def read(key)
           self.get(key)
+          rescue Redis::BaseError
+            nil
         end
 
         def write(key, value, options={})
@@ -34,6 +36,8 @@ module Rack
           else
             self.set(key, value)
           end
+          rescue Redis::BaseError
+            nil
         end
 
         def increment(key, amount, options={})
@@ -43,6 +47,8 @@ module Rack
             self.expire(key, options[:expires_in]) if options[:expires_in]
           end
           count.value if count
+          rescue Redis::BaseError
+            nil
         end
 
       end

data/lib/rack/attack/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module Attack
-    VERSION = '2.3.0'
+    VERSION = '3.0.0'
   end
 end

data/spec/allow2ban_spec.rb

@@ -83,7 +83,7 @@ describe 'Rack::Attack.Allow2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
       end
 
       it 'does not increase fail count' do
@@ -103,7 +103,7 @@ describe 'Rack::Attack.Allow2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
       end
 
       it 'does not increase fail count' do

data/spec/fail2ban_spec.rb

@@ -24,7 +24,7 @@ describe 'Rack::Attack.Fail2Ban' do
       describe 'when not at maxretry' do
         before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
         it 'fails' do
-          last_response.status.must_equal 401
+          last_response.status.must_equal 403
         end
 
         it 'increases fail count' do
@@ -46,7 +46,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'fails' do
-          last_response.status.must_equal 401
+          last_response.status.must_equal 403
         end
 
         it 'increases fail count' do
@@ -83,7 +83,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
       end
 
       it 'does not increase fail count' do
@@ -103,7 +103,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
       end
 
       it 'does not increase fail count' do

data/spec/integration/rack_attack_cache_spec.rb

@@ -0,0 +1,111 @@
+require_relative '../spec_helper'
+
+describe Rack::Attack::Cache do
+  def delete(key)
+    if @cache.store.respond_to?(:delete)
+      @cache.store.delete(key)
+    else
+      @cache.store.del(key)
+    end
+  end
+
+  def sleep_until_expired
+    sleep(@expires_in * 1.1) # Add 10% to reduce errors
+  end
+
+  require 'active_support/cache/dalli_store'
+  require 'active_support/cache/redis_store'
+  cache_stores = [
+    ActiveSupport::Cache::MemoryStore.new,
+    ActiveSupport::Cache::DalliStore.new("localhost"),
+    ActiveSupport::Cache::RedisStore.new("localhost"),
+    Redis::Store.new
+  ]
+
+  cache_stores.each do |store|
+    store = Rack::Attack::StoreProxy.build(store)
+    describe "with #{store.class}" do
+
+      before {
+        @cache ||= Rack::Attack::Cache.new
+        @key = "rack::attack:cache-test-key"
+        @expires_in = 1
+        @cache.store = store
+        delete(@key)
+      }
+
+      after { delete(@key) }
+
+      describe "do_count once" do
+        it "should be 1" do
+          @cache.send(:do_count, @key, @expires_in).must_equal 1
+        end
+      end
+
+      describe "do_count twice" do
+        it "must be 2" do
+          @cache.send(:do_count, @key, @expires_in)
+          @cache.send(:do_count, @key, @expires_in).must_equal 2
+        end
+      end
+      describe "do_count after expires_in" do
+        it "must be 1" do
+          @cache.send(:do_count, @key, @expires_in)
+          sleep_until_expired
+          @cache.send(:do_count, @key, @expires_in).must_equal 1
+        end
+      end
+
+      describe "write" do
+        it "should write a value to the store with prefix" do
+          @cache.write("cache-test-key", "foobar", 1)
+          store.read(@key).must_equal "foobar"
+        end
+      end
+
+      describe "write after expiry" do
+        it "must not have a value" do
+          @cache.write("cache-test-key", "foobar", @expires_in)
+          sleep_until_expired
+          store.read(@key).must_be :nil?
+        end
+      end
+
+      describe "read" do
+        it "must read the value with a prefix" do
+          store.write(@key, "foobar", :expires_in => @expires_in)
+          @cache.read("cache-test-key").must_equal "foobar"
+        end
+      end
+    end
+
+  end
+
+  describe "should not error if redis is not running" do
+    before {
+      @cache = Rack::Attack::Cache.new
+      @key = "rack::attack:cache-test-key"
+      @expires_in = 1
+      # Use presumably unused port for Redis client
+      @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
+    }
+    describe "write" do
+      it "should not raise exception" do
+        @cache.write("cache-test-key", "foobar", 1)
+      end
+    end
+
+    describe "read" do
+      it "should not raise exception" do
+        @cache.read("cache-test-key")
+      end
+    end
+
+    describe "do_count" do
+      it "should not raise exception" do
+        @cache.send(:do_count, @key, @expires_in)
+      end
+    end
+  end
+
+end

data/spec/rack_attack_spec.rb

@@ -15,7 +15,8 @@ describe 'Rack::Attack' do
       before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
       it "should return a blacklist response" do
         get '/', {}, 'REMOTE_ADDR' => @bad_ip
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
+        last_response.body.must_equal "Forbidden\n"
       end
       it "should tag the env" do
         last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"

metadata

@@ -1,125 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-11 00:00:00.000000000 Z
+date: 2014-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
-- !ruby/object:Gem::Dependency
-  name: debugger
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: redis-activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: dalli
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A rack middleware for throttling and blocking abusive requests
@@ -128,6 +114,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- README.md
+- Rakefile
+- lib/rack/attack.rb
 - lib/rack/attack/allow2ban.rb
 - lib/rack/attack/blacklist.rb
 - lib/rack/attack/cache.rb
@@ -138,12 +127,9 @@ files:
 - lib/rack/attack/track.rb
 - lib/rack/attack/version.rb
 - lib/rack/attack/whitelist.rb
-- lib/rack/attack.rb
-- Rakefile
-- README.md
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
-- spec/rack_attack_cache_spec.rb
+- spec/integration/rack_attack_cache_spec.rb
 - spec/rack_attack_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
@@ -154,29 +140,29 @@ licenses:
 metadata: {}
 post_install_message: 
 rdoc_options:
-- --charset=UTF-8
+- "--charset=UTF-8"
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.6
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Block & throttle abusive requests
 test_files:
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
-- spec/rack_attack_cache_spec.rb
+- spec/integration/rack_attack_cache_spec.rb
 - spec/rack_attack_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb

data/spec/rack_attack_cache_spec.rb

@@ -1,84 +0,0 @@
-require_relative 'spec_helper'
-
-if ENV['TEST_INTEGRATION']
-  describe Rack::Attack::Cache do
-    def delete(key)
-      if @cache.store.respond_to?(:delete)
-        @cache.store.delete(key)
-      else
-        @cache.store.del(key)
-      end
-    end
-
-    require 'active_support/cache/dalli_store'
-    require 'active_support/cache/redis_store'
-    cache_stores = [
-      ActiveSupport::Cache::MemoryStore.new,
-      ActiveSupport::Cache::DalliStore.new("localhost"),
-      ActiveSupport::Cache::RedisStore.new("localhost"),
-      Redis::Store.new
-    ]
-
-    cache_stores.each do |store|
-      store = Rack::Attack::StoreProxy.build(store)
-      describe "with #{store.class}" do
-
-        before {
-          @cache ||= Rack::Attack::Cache.new
-          @key = "rack::attack:cache-test-key"
-          @expires_in = 1
-          @cache.store = store
-          delete(@key)
-        }
-
-        after { delete(@key) }
-
-        describe "do_count once" do
-          it "should be 1" do
-            @cache.send(:do_count, @key, @expires_in).must_equal 1
-          end
-        end
-
-        describe "do_count twice" do
-          it "must be 2" do
-            @cache.send(:do_count, @key, @expires_in)
-            @cache.send(:do_count, @key, @expires_in).must_equal 2
-          end
-        end
-        describe "do_count after expires_in" do
-          it "must be 1" do
-            @cache.send(:do_count, @key, @expires_in)
-            sleep @expires_in # sigh
-            @cache.send(:do_count, @key, @expires_in).must_equal 1
-          end
-        end
-
-        describe "write" do
-          it "should write a value to the store with prefix" do
-            @cache.write("cache-test-key", "foobar", 1)
-            store.read(@key).must_equal "foobar"
-          end
-        end
-
-        describe "write after expiry" do
-          it "must not have a value" do
-            @cache.write("cache-test-key", "foobar", @expires_in)
-            sleep @expires_in # tick... tick... tick...
-            store.read(@key).must_be :nil?
-          end
-        end
-
-        describe "read" do
-          it "must read the value with a prefix" do
-            store.write(@key, "foobar", :expires_in => @expires_in)
-            @cache.read("cache-test-key").must_equal "foobar"
-          end
-        end
-      end
-
-    end
-
-  end
-else
-  puts 'Skipping cache store integration tests (set ENV["TEST_INTEGRATION"] to enable)'
-end