Add validations for throttle_* settings

e6afbd99 · Quang-Minh Nguyen · 830926a6 · e6afbd99 · e6afbd99
Commit e6afbd99 authored Jan 06, 2021 by Quang-Minh Nguyen
Hide whitespace changes
Inline Side-by-side

Showing with 53 additions and 0 deletions

app/models/application_setting.rb app/models/application_setting.rb +32 -0

spec/models/application_setting_spec.rb spec/models/application_setting_spec.rb +21 -0

No files found.
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -404,6 +404,38 @@ class ApplicationSetting < ApplicationRecord
            length: { maximum: 255, message: _('is too long (maximum is %{count} characters)') },
            allow_blank: true

+  validates :throttle_unauthenticated_requests_per_period,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_unauthenticated_period_in_seconds,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_authenticated_api_requests_per_period,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_authenticated_api_period_in_seconds,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_authenticated_web_requests_per_period,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_authenticated_web_period_in_seconds,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_protected_paths_requests_per_period,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_protected_paths_period_in_seconds,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
  attr_encrypted :asset_proxy_secret_key,
                 mode: :per_attribute_iv,
                 key: Settings.attr_encrypted_db_key_base_truncated,

--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -733,6 +733,27 @@ RSpec.describe ApplicationSetting do
        is_expected.to be_invalid
      end
    end
+
+    context 'throttle_* settings' do
+      where(:throttle_setting) do
+        %i[
+          throttle_unauthenticated_requests_per_period
+          throttle_unauthenticated_period_in_seconds
+          throttle_authenticated_api_requests_per_period
+          throttle_authenticated_api_period_in_seconds
+          throttle_authenticated_web_requests_per_period
+          throttle_authenticated_web_period_in_seconds
+        ]
+      end
+
+      with_them do
+        it { is_expected.to allow_value(3).for(throttle_setting) }
+        it { is_expected.not_to allow_value(-3).for(throttle_setting) }
+        it { is_expected.not_to allow_value(0).for(throttle_setting) }
+        it { is_expected.not_to allow_value('three').for(throttle_setting) }
+        it { is_expected.not_to allow_value(nil).for(throttle_setting) }
+      end
+    end
  end

  context 'restrict creating duplicates' do