Commit 29c53b95 authored by George Koltsov

Fix Web Project Export rate limiting scope

parent 8eef7109
...@@ -521,7 +521,7 @@ class ProjectsController < Projects::ApplicationController ...@@ -521,7 +521,7 @@ class ProjectsController < Projects::ApplicationController
def export_rate_limit def export_rate_limit
prefixed_action = "project_#{params[:action]}".to_sym prefixed_action = "project_#{params[:action]}".to_sym
project_scope = params[:action] == :download_export ? @project : nil project_scope = params[:action] == 'download_export' ? @project : nil
if rate_limiter.throttled?(prefixed_action, scope: [current_user, project_scope].compact) if rate_limiter.throttled?(prefixed_action, scope: [current_user, project_scope].compact)
rate_limiter.log_request(request, "#{prefixed_action}_request_limit".to_sym, current_user) rate_limiter.log_request(request, "#{prefixed_action}_request_limit".to_sym, current_user)
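Review bot: The `project_scope` line still decides the throttling scope by comparing `params[:action]` with a bare literal, the same kind of comparison that silently never matched as a symbol and left download throttling keyed on the user alone. Rails exposes the routed action as a string through `action_name`, so `project_scope = action_name == 'download_export' ? @project : nil` states the intent without depending on how params are typed. A comment above it would record why the scopes differ, for example `# download_export is throttled per user and project; other export actions per user only`. Because of `.compact`, the scope would be empty if `current_user` were ever nil here; presumably authentication runs before this filter, but that is not visible in the hunk. The body of `export_rate_limit` continues past the end of the hunk.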
......
---
title: Fix Web Project Export rate limiting scope
merge_request: 55975
author:
type: fixed
...@@ -1362,6 +1362,14 @@ RSpec.describe ProjectsController do ...@@ -1362,6 +1362,14 @@ RSpec.describe ProjectsController do
expect(response.body).to eq('This endpoint has been requested too many times. Try again later.') expect(response.body).to eq('This endpoint has been requested too many times. Try again later.')
expect(response).to have_gitlab_http_status(:too_many_requests) expect(response).to have_gitlab_http_status(:too_many_requests)
end end
it 'applies correct scope when throttling' do
expect(Gitlab::ApplicationRateLimiter)
.to receive(:throttled?)
.with(:project_download_export, scope: [user, project])
post action, params: { namespace_id: project.namespace, id: project }
end
end end
end end
end end
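Review bot: The new example pins only the `download_export` scope, so nothing fails if the comparison later starts matching too broadly and every export action becomes scoped per project. A mirror example in the context for a per-user action would cover this, asserting something like `.with(:project_export, scope: [user])`, assuming `export` goes through the same filter. The expectation also replaces `throttled?` with a stub that returns nil, so this example never reaches the throttled branch. That is fine for a scope check, but a short comment such as `# only the scope is asserted; the stub keeps the request unthrottled` would make it explicit. The enclosing `describe` and the definition of `action` sit outside the hunk.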
......