Disables Rack Attack by default

0fd901bd · Tiago Botelho · 40631412 · 0fd901bd · 0fd901bd
Commit 0fd901bd authored Jan 24, 2018 by Tiago Botelho
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

config/initializers/1_settings.rb config/initializers/1_settings.rb +1 -1

spec/requests/git_http_spec.rb spec/requests/git_http_spec.rb +8 -0

No files found.
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -418,7 +418,7 @@ Settings['extra'] ||= Settingslogic.new({})
 #
 Settings['rack_attack'] ||= Settingslogic.new({})
 Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({})
-Settings.rack_attack.git_basic_auth['enabled'] = true if Settings.rack_attack.git_basic_auth['enabled'].nil?
+Settings.rack_attack.git_basic_auth['enabled'] = false if Settings.rack_attack.git_basic_auth['enabled'].nil?
 Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
 Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute

--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -381,6 +381,10 @@ describe 'Git HTTP requests' do

          context "when authentication fails" do
            context "when the user is IP banned" do
+              before do
+                Gitlab.config.rack_attack.git_basic_auth['enabled'] = true
+              end
+
              it "responds with status 401" do
                expect(Rack::Attack::Allow2Ban).to receive(:filter).and_return(true)
                allow_any_instance_of(Rack::Request).to receive(:ip).and_return('1.2.3.4')
@@ -420,6 +424,10 @@ describe 'Git HTTP requests' do
              end

              context "when the user isn't blocked" do
+                before do
+                  Gitlab.config.rack_attack.git_basic_auth['enabled'] = true
+                end
+
                it "resets the IP in Rack Attack on download" do
                  expect(Rack::Attack::Allow2Ban).to receive(:reset).twice