Commit b1da4f7d authored by Pawel Chojnacki's avatar Pawel Chojnacki

Cleanup RSpec tests

parent 8993801f
...@@ -30,30 +30,11 @@ describe SessionsController do ...@@ -30,30 +30,11 @@ describe SessionsController do
expect(SecurityEvent.last.details[:with]).to eq('standard') expect(SecurityEvent.last.details[:with]).to eq('standard')
end end
context 'unique ip limit is enabled and set to 1', :redis do include_examples 'user login operation with unique ip limit' do
before do def operation
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10)
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
end
it 'allows user authenticating from the same ip' do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
post(:create, user: { login: user.username, password: user.password })
expect(subject.current_user).to eq user
post(:create, user: { login: user.username, password: user.password }) post(:create, user: { login: user.username, password: user.password })
expect(subject.current_user).to eq user expect(subject.current_user).to eq user
end end
it 'blocks user authenticating from two distinct ips' do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
post(:create, user: { login: user.username, password: user.password })
expect(subject.current_user).to eq user
allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip2')
expect { post(:create, user: { login: user.username, password: user.password }) }.to raise_error(Gitlab::Auth::TooManyIps)
end
end end
end end
end end
......
...@@ -58,27 +58,11 @@ describe Gitlab::Auth, lib: true do ...@@ -58,27 +58,11 @@ describe Gitlab::Auth, lib: true do
expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities)) expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
end end
include_examples 'user login operation with unique ip limit' do
let(:user) { create(:user, password: 'password') }
context 'unique ip limit is enabled and set to 1', :redis do def operation
before do
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10)
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
end
it 'allows user authenticating from the same ip' do
user = create(:user, password: 'password')
allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
end
it 'blocks user authenticating from two distinct ips' do
user = create(:user, password: 'password')
allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities)) expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip2')
expect { gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip2') }.to raise_error(Gitlab::Auth::TooManyIps)
end end
end end
...@@ -220,6 +204,12 @@ describe Gitlab::Auth, lib: true do ...@@ -220,6 +204,12 @@ describe Gitlab::Auth, lib: true do
expect( gl_auth.find_with_user_password(username, password) ).not_to eql user expect( gl_auth.find_with_user_password(username, password) ).not_to eql user
end end
include_examples 'user login operation with unique ip limit' do
def operation
expect(gl_auth.find_with_user_password(username, password)).to eql user
end
end
context "with ldap enabled" do context "with ldap enabled" do
before do before do
allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true) allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
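Review bot: The new `operation` for `find_for_git_client` always passes `ip: 'ip'`, so in the shared 'blocks user authenticating from two distinct ips' example the second call still carries the first address in its argument after `change_ip('ip2')` has moved the stubbed client IP. The example then passes only if the limiter takes the address from `Gitlab::RequestContext.client_ip` and ignores the `ip:` argument, which this diff does not show; the inline test it replaces passed `ip: 'ip2'` on the second call. Passing `ip: Gitlab::RequestContext.client_ip` inside `operation` would keep the two sources in agreement. The enclosing `describe` block starts and ends outside these hunks.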
......
require 'spec_helper' require 'spec_helper'
describe API::API, api: true do shared_examples 'user login request with unique ip limit' do
include_context 'limit login to only one ip' do
it 'allows user authenticating from the same ip' do
change_ip('ip')
request
expect(response).to have_http_status(200)
request
expect(response).to have_http_status(200)
end
it 'blocks user authenticating from two distinct ips' do
change_ip('ip')
request
expect(response).to have_http_status(200)
change_ip('ip2')
request
expect(response).to have_http_status(403)
end
end
end
describe API::API, api: true do
include ApiHelpers include ApiHelpers
let!(:user) { create(:user) } let!(:user) { create(:user) }
...@@ -13,22 +36,9 @@ describe API::API, api: true do ...@@ -13,22 +36,9 @@ describe API::API, api: true do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
include_context 'limit login to only one ip' do include_examples 'user login request with unique ip limit' do
it 'allows login twice from the same ip' do def request
get api('/user'), access_token: token.token
expect(response).to have_http_status(200)
get api('/user'), access_token: token.token get api('/user'), access_token: token.token
expect(response).to have_http_status(200)
end
it 'blocks login from two different ips' do
get api('/user'), access_token: token.token
expect(response).to have_http_status(200)
change_ip('ip2')
get api('/user'), access_token: token.token
expect(response).to have_http_status(403)
end end
end end
end end
...@@ -46,22 +56,9 @@ describe API::API, api: true do ...@@ -46,22 +56,9 @@ describe API::API, api: true do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
include_context 'limit login to only one ip' do include_examples 'user login request with unique ip limit' do
it 'allows login twice from the same ip' do def request
get api('/user', user)
expect(response).to have_http_status(200)
get api('/user', user)
expect(response).to have_http_status(200)
end
it 'blocks login from two different ips' do
get api('/user', user)
expect(response).to have_http_status(200)
change_ip('ip2')
get api('/user', user) get api('/user', user)
expect(response).to have_http_status(403)
end end
end end
end end
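Review bot: Naming the hook `request` in the two `include_examples 'user login request with unique ip limit'` blocks redefines a name that request specs already use for the last request object, so any helper or matcher that reads `request` inside these groups would issue another `get api('/user', …)` instead. A neutral name such as `def perform_request`, called as `perform_request` inside the shared examples, avoids the collision. The shared examples are also declared at the top of this spec file, while the sibling 'user login operation with unique ip limit' examples appear to live in a separate support file; keeping both in one place would make the limiter's test contract easier to find.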
......
shared_context 'limit login to only one ip', :redis do shared_context 'limit login to only one ip' do
before(:each) do
Gitlab::Redis.with(&:flushall)
end
before do before do
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true) allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(1000) allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10000)
allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1) allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
end end
...@@ -13,11 +17,13 @@ end ...@@ -13,11 +17,13 @@ end
shared_examples 'user login operation with unique ip limit' do shared_examples 'user login operation with unique ip limit' do
include_context 'limit login to only one ip' do include_context 'limit login to only one ip' do
it 'allows user authenticating from the same ip' do it 'allows user authenticating from the same ip' do
change_ip('ip')
expect { operation }.not_to raise_error expect { operation }.not_to raise_error
expect { operation }.not_to raise_error expect { operation }.not_to raise_error
end end
it 'blocks user authenticating from two distinct ips' do it 'blocks user authenticating from two distinct ips' do
change_ip('ip')
expect { operation }.not_to raise_error expect { operation }.not_to raise_error
change_ip('ip2') change_ip('ip2')
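Review bot: The `before(:each)` hook in the shared context calls `Gitlab::Redis.with(&:flushall)`, which clears every database on the Redis server the test environment points at, not only the unique-IP limiter's keys. If that server is shared with a development instance or with parallel test workers, unrelated data is lost and the limiter examples can interfere with each other. Scoping the cleanup to the current database with `Gitlab::Redis.with(&:flushdb)`, or to the limiter's own keys, would be safer, and a comment such as `# limiter state lives in Redis; reset it so examples stay independent` would explain why the hook exists. This assumes the explicit flush is on the new side, which the hunk offsets suggest but the rendering does not mark.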
......