Commit b6c51f57 authored by Mayra Cabrera's avatar Mayra Cabrera Committed by Stan Hu

Return 429 on rate limiter on raw endpoint

It was originally returning 302 when the rate limit kicks in, because
using the the correct status code makes it easier to track rate limiting
events

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/65974
parent bd759eeb
...@@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController ...@@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
limiter.log_request(request, :raw_blob_request_limit, current_user) limiter.log_request(request, :raw_blob_request_limit, current_user)
flash[:alert] = _('You cannot access the raw file. Please wait a minute.') flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
redirect_to project_blob_path(@project, File.join(@ref, @path)) redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
end end
def raw_blob_request_limit def raw_blob_request_limit
......
...@@ -60,7 +60,7 @@ describe Projects::RawController do ...@@ -60,7 +60,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path) execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.') expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, file_path)) expect(response).to have_gitlab_http_status(429)
end end
it 'logs the event on auth.log' do it 'logs the event on auth.log' do
...@@ -92,7 +92,7 @@ describe Projects::RawController do ...@@ -92,7 +92,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 3, project: project, file_path: modified_path) execute_raw_requests(requests: 3, project: project, file_path: modified_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.') expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, modified_path)) expect(response).to have_gitlab_http_status(429)
end end
end end
...@@ -120,7 +120,7 @@ describe Projects::RawController do ...@@ -120,7 +120,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path) execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.') expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, file_path)) expect(response).to have_gitlab_http_status(429)
# Accessing upcase version of readme # Accessing upcase version of readme
file_path = "#{commit_sha}/README.md" file_path = "#{commit_sha}/README.md"
......
# frozen_string_literal: true
require 'spec_helper'
describe 'Projects > Raw > User interacts with raw endpoint' do
include RepoHelpers
let(:user) { create(:user) }
let(:project) { create(:project, :repository, :public) }
let(:file_path) { 'master/README.md' }
before do
stub_application_setting(raw_blob_request_limit: 3)
project.add_developer(user)
create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
sign_in(user)
end
context 'when user access a raw file' do
it 'renders the page successfully' do
visit project_raw_url(project, file_path)
expect(source).to eq('') # Body is filled in by gitlab-workhorse
end
end
context 'when user goes over the rate requests limit' do
it 'returns too many requests' do
4.times do
visit project_raw_url(project, file_path)
end
expect(source).to have_content('You are being redirected')
click_link('redirected')
expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment