mastodon/spec/controllers/concerns/rate_limit_headers_spec.rb

# frozen_string_literal: true

require 'rails_helper'

describe ApplicationController do
  controller do
    include RateLimitHeaders

    def show
      head 200
    end
  end

  before do
    routes.draw { get 'show' => 'anonymous#show' }
  end

  describe 'rate limiting' do
    context 'throttling is off' do
      before do
        request.env['rack.attack.throttle_data'] = nil
      end

      it 'does not apply rate limiting' do
        get 'show'

        expect(response.headers['X-RateLimit-Limit']).to be_nil
        expect(response.headers['X-RateLimit-Remaining']).to be_nil
        expect(response.headers['X-RateLimit-Reset']).to be_nil
      end
    end

    context 'throttling is on' do
      let(:start_time) { DateTime.new(2017, 1, 1, 12, 0, 0).utc }

      before do
        request.env['rack.attack.throttle_data'] = { 'throttle_authenticated_api' => { limit: 100, count: 20, period: 10 } }
        travel_to start_time do
          get 'show'
        end
      end

      it 'applies rate limiting limit header' do
        expect(response.headers['X-RateLimit-Limit']).to eq '100'
      end

      it 'applies rate limiting remaining header' do
        expect(response.headers['X-RateLimit-Remaining']).to eq '80'
      end

      it 'applies rate limiting reset header' do
        expect(response.headers['X-RateLimit-Reset']).to eq (start_time + 10.seconds).iso8601(6)
      end
    end
  end
end
Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup 2017-06-07 11:23:26 -04:00			`# frozen_string_literal: true`

			`require 'rails_helper'`

			`describe ApplicationController do`
			`controller do`
			`include RateLimitHeaders`

			`def show`
			`head 200`
			`end`
			`end`

			`before do`
			`routes.draw { get 'show' => 'anonymous#show' }`
			`end`

			`describe 'rate limiting' do`
			`context 'throttling is off' do`
			`before do`
			`request.env['rack.attack.throttle_data'] = nil`
			`end`

			`it 'does not apply rate limiting' do`
			`get 'show'`

			`expect(response.headers['X-RateLimit-Limit']).to be_nil`
			`expect(response.headers['X-RateLimit-Remaining']).to be_nil`
			`expect(response.headers['X-RateLimit-Reset']).to be_nil`
			`end`
			`end`

			`context 'throttling is on' do`
			`let(:start_time) { DateTime.new(2017, 1, 1, 12, 0, 0).utc }`

			`before do`
Rate limit by user instead of IP when API user is authenticated (#5923) * Fix #668 - Rate limit by user instead of IP when API user is authenticated * Fix code style issue * Use request decorator provided by Doorkeeper 2017-12-09 14:20:02 +01:00			`request.env['rack.attack.throttle_data'] = { 'throttle_authenticated_api' => { limit: 100, count: 20, period: 10 } }`
Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup 2017-06-07 11:23:26 -04:00			`travel_to start_time do`
			`get 'show'`
			`end`
			`end`

			`it 'applies rate limiting limit header' do`
			`expect(response.headers['X-RateLimit-Limit']).to eq '100'`
			`end`

			`it 'applies rate limiting remaining header' do`
			`expect(response.headers['X-RateLimit-Remaining']).to eq '80'`
			`end`

			`it 'applies rate limiting reset header' do`
			`expect(response.headers['X-RateLimit-Reset']).to eq (start_time + 10.seconds).iso8601(6)`
			`end`
			`end`
			`end`
			`end`