Commit
b1da4f7d
authored
Feb 17, 2017
by
Pawel Chojnacki
Cleanup RSpec tests
parent
8993801f
Showing
4 changed files
with
47 additions
and
73 deletions
+47
-73
spec/controllers/sessions_controller_spec.rb
spec/controllers/sessions_controller_spec.rb
+2
-21
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+9
-19
spec/requests/api/doorkeeper_access_spec.rb
spec/requests/api/doorkeeper_access_spec.rb
+28
-31
spec/support/unique_ip_check_shared_examples.rb
spec/support/unique_ip_check_shared_examples.rb
+8
-2
spec/controllers/sessions_controller_spec.rb
...
@@ -30,30 +30,11 @@ describe SessionsController do
...
@@ -30,30 +30,11 @@ describe SessionsController do
expect
(
SecurityEvent
.
last
.
details
[
:with
]).
to
eq
(
'standard'
)
expect
(
SecurityEvent
.
last
.
details
[
:with
]).
to
eq
(
'standard'
)
end
end
context
'unique ip limit is enabled and set to 1'
,
:redis
do
include_examples
'user login operation with unique ip limit'
do
before
do
def
operation
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_enabled
).
and_return
(
true
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_time_window
).
and_return
(
10
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_per_user
).
and_return
(
1
)
end
it
'allows user authenticating from the same ip'
do
allow
(
Gitlab
::
RequestContext
).
to
receive
(
:client_ip
).
and_return
(
'ip'
)
post
(
:create
,
user:
{
login:
user
.
username
,
password:
user
.
password
})
expect
(
subject
.
current_user
).
to
eq
user
post
(
:create
,
user:
{
login:
user
.
username
,
password:
user
.
password
})
post
(
:create
,
user:
{
login:
user
.
username
,
password:
user
.
password
})
expect
(
subject
.
current_user
).
to
eq
user
expect
(
subject
.
current_user
).
to
eq
user
end
end
it
'blocks user authenticating from two distinct ips'
do
allow
(
Gitlab
::
RequestContext
).
to
receive
(
:client_ip
).
and_return
(
'ip'
)
post
(
:create
,
user:
{
login:
user
.
username
,
password:
user
.
password
})
expect
(
subject
.
current_user
).
to
eq
user
allow
(
Gitlab
::
RequestContext
).
to
receive
(
:client_ip
).
and_return
(
'ip2'
)
expect
{
post
(
:create
,
user:
{
login:
user
.
username
,
password:
user
.
password
})
}.
to
raise_error
(
Gitlab
::
Auth
::
TooManyIps
)
end
end
end
end
end
end
end
...
...
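Review bot: The new `operation` helper in this section bundles the login `post` with `expect(subject.current_user).to eq user`, while the shared examples invoke it as `expect { operation }.not_to raise_error`. A failed inner expectation is then reported as an unexpected exception rather than as the `current_user` mismatch, and the blocking example (its assertion is not visible on this page) could pass on that exception if it uses a bare `raise_error`. The two `operation` helpers added in spec/lib/gitlab/auth_spec.rb have the same shape. Consider letting `operation` only perform the action and asserting its result outside the `expect { }` block, and make sure the blocking example names `Gitlab::Auth::TooManyIps` explicitly, as the removed test did.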
spec/lib/gitlab/auth_spec.rb
...
@@ -58,27 +58,11 @@ describe Gitlab::Auth, lib: true do
...
@@ -58,27 +58,11 @@ describe Gitlab::Auth, lib: true do
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
end
end
include_examples
'user login operation with unique ip limit'
do
let
(
:user
)
{
create
(
:user
,
password:
'password'
)
}
context
'unique ip limit is enabled and set to 1'
,
:redis
do
def
operation
before
do
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_enabled
).
and_return
(
true
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_time_window
).
and_return
(
10
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_per_user
).
and_return
(
1
)
end
it
'allows user authenticating from the same ip'
do
user
=
create
(
:user
,
password:
'password'
)
allow
(
Gitlab
::
RequestContext
).
to
receive
(
:client_ip
).
and_return
(
'ip'
)
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
end
it
'blocks user authenticating from two distinct ips'
do
user
=
create
(
:user
,
password:
'password'
)
allow
(
Gitlab
::
RequestContext
).
to
receive
(
:client_ip
).
and_return
(
'ip'
)
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
allow
(
Gitlab
::
RequestContext
).
to
receive
(
:client_ip
).
and_return
(
'ip2'
)
expect
{
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
'ip2'
)
}.
to
raise_error
(
Gitlab
::
Auth
::
TooManyIps
)
end
end
end
end
...
@@ -220,6 +204,12 @@ describe Gitlab::Auth, lib: true do
...
@@ -220,6 +204,12 @@ describe Gitlab::Auth, lib: true do
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)
).
not_to
eql
user
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)
).
not_to
eql
user
end
end
include_examples
'user login operation with unique ip limit'
do
def
operation
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)).
to
eql
user
end
end
context
"with ldap enabled"
do
context
"with ldap enabled"
do
before
do
before
do
allow
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:enabled?
).
and_return
(
true
)
allow
(
Gitlab
::
LDAP
::
Config
).
to
receive
(
:enabled?
).
and_return
(
true
)
...
...
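Review bot: In the first hunk the new `operation` always passes `ip: 'ip'` to `find_for_git_client`, whereas the removed blocking test passed `ip: 'ip2'` for the second login. The shared examples only switch the address through `change_ip`, so the second call now sends an `ip:` argument that disagrees with the stubbed client IP. The spec therefore presumably passes only because the limiter reads the request context rather than the argument. A comment on the helper such as `# ip: is fixed; the limiter is expected to use Gitlab::RequestContext.client_ip` would make that dependency explicit, or the helper could pass `ip: Gitlab::RequestContext.client_ip` so both values stay in step.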
spec/requests/api/doorkeeper_access_spec.rb
require
'spec_helper'
require
'spec_helper'
describe
API
::
API
,
api:
true
do
shared_examples
'user login request with unique ip limit'
do
include_context
'limit login to only one ip'
do
it
'allows user authenticating from the same ip'
do
change_ip
(
'ip'
)
request
expect
(
response
).
to
have_http_status
(
200
)
request
expect
(
response
).
to
have_http_status
(
200
)
end
it
'blocks user authenticating from two distinct ips'
do
change_ip
(
'ip'
)
request
expect
(
response
).
to
have_http_status
(
200
)
change_ip
(
'ip2'
)
request
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
describe
API
::
API
,
api:
true
do
include
ApiHelpers
include
ApiHelpers
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:user
)
{
create
(
:user
)
}
...
@@ -13,22 +36,9 @@ describe API::API, api: true do
...
@@ -13,22 +36,9 @@ describe API::API, api: true do
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
end
end
include_context
'limit login to only one ip'
do
include_examples
'user login request with unique ip limit'
do
it
'allows login twice from the same ip'
do
def
request
get
api
(
'/user'
),
access_token:
token
.
token
expect
(
response
).
to
have_http_status
(
200
)
get
api
(
'/user'
),
access_token:
token
.
token
get
api
(
'/user'
),
access_token:
token
.
token
expect
(
response
).
to
have_http_status
(
200
)
end
it
'blocks login from two different ips'
do
get
api
(
'/user'
),
access_token:
token
.
token
expect
(
response
).
to
have_http_status
(
200
)
change_ip
(
'ip2'
)
get
api
(
'/user'
),
access_token:
token
.
token
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
end
end
end
...
@@ -46,22 +56,9 @@ describe API::API, api: true do
...
@@ -46,22 +56,9 @@ describe API::API, api: true do
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
end
end
include_context
'limit login to only one ip'
do
include_examples
'user login request with unique ip limit'
do
it
'allows login twice from the same ip'
do
def
request
get
api
(
'/user'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
get
api
(
'/user'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
end
it
'blocks login from two different ips'
do
get
api
(
'/user'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
change_ip
(
'ip2'
)
get
api
(
'/user'
,
user
)
get
api
(
'/user'
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
end
end
end
...
...
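Review bot: `def request` in both `include_examples` blocks shadows the `request` accessor that request specs normally expose for the last request object. Any helper or matcher in these groups that later reads `request` would issue another API call instead of inspecting the previous one. A distinct name such as `perform_request`, changed in the two `it` blocks of the new shared examples as well, avoids the collision. A one-line comment above `shared_examples 'user login request with unique ip limit'` stating that the including group must define that helper would document the contract.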
spec/support/unique_ip_check_shared_examples.rb
shared_context
'limit login to only one ip'
,
:redis
do
shared_context
'limit login to only one ip'
do
before
(
:each
)
do
Gitlab
::
Redis
.
with
(
&
:flushall
)
end
before
do
before
do
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_enabled
).
and_return
(
true
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_enabled
).
and_return
(
true
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_time_window
).
and_return
(
1000
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_time_window
).
and_return
(
1000
0
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_per_user
).
and_return
(
1
)
allow
(
Gitlab
::
Auth
::
UniqueIpsLimiter
).
to
receive_message_chain
(
:config
,
:unique_ips_limit_per_user
).
and_return
(
1
)
end
end
...
@@ -13,11 +17,13 @@ end
...
@@ -13,11 +17,13 @@ end
shared_examples
'user login operation with unique ip limit'
do
shared_examples
'user login operation with unique ip limit'
do
include_context
'limit login to only one ip'
do
include_context
'limit login to only one ip'
do
it
'allows user authenticating from the same ip'
do
it
'allows user authenticating from the same ip'
do
change_ip
(
'ip'
)
expect
{
operation
}.
not_to
raise_error
expect
{
operation
}.
not_to
raise_error
expect
{
operation
}.
not_to
raise_error
expect
{
operation
}.
not_to
raise_error
end
end
it
'blocks user authenticating from two distinct ips'
do
it
'blocks user authenticating from two distinct ips'
do
change_ip
(
'ip'
)
expect
{
operation
}.
not_to
raise_error
expect
{
operation
}.
not_to
raise_error
change_ip
(
'ip2'
)
change_ip
(
'ip2'
)
...
...
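Review bot: `Gitlab::Redis.with(&:flushall)` in the new `before(:each)` clears every database on whichever Redis server the spec process is connected to. A test environment that shares an instance with development or another suite would lose unrelated keys before each example. The shared context header also appears to drop the `:redis` tag, which, if it drove a cleanup hook elsewhere, leaves this block as the only reset. Consider narrowing it to `Gitlab::Redis.with(&:flushdb)` or keeping the tag-driven cleanup, and add a comment such as `# reset stored per-user IPs so examples do not see each other's logins`. The hunk at `@@ -13,11 +17,13 @@` is cut off after `change_ip('ip2')`, so the blocking assertion cannot be checked from this page.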