Add a failing test (for a wrong reason)

3 years ago · 4fe98fa86c
4 changed files with 50 additions and 0 deletions
--- a/1
+++ b/1
@ -50,6 +50,7 @@ gem "paper_trail"
 # Store active record objects in version whodunnits
 gem "paper_trail-globalid"
 # Receive exceptions and configure alerts
+gem "rack-attack"
 gem "sentry-rails"
 gem "sentry-ruby"

--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -290,6 +290,8 @@ GEM
      nio4r (~> 2.0)
    racc (1.6.0)
    rack (2.2.3)
+    rack-attack (6.6.0)
+      rack (>= 1.0, < 3)
    rack-mini-profiler (2.3.4)
      rack (>= 1.2.0)
    rack-proxy (0.7.2)
@ -490,6 +492,7 @@ DEPENDENCIES
  postcodes_io
  pry-byebug
  puma (~> 5.0)
+  rack-attack
  rack-mini-profiler (~> 2.0)
  rails (~> 7.0.1)
  roo
--- a/spec/requests/rack_attack_spec.rb
+++ b/spec/requests/rack_attack_spec.rb
@ -0,0 +1,43 @@
+require "rails_helper"
+require_relative "../support/devise"
+require_relative "../support/rack_attack"
+require "rack/attack"
+
+describe "Rack::Attack" do
+  let(:limit) { 5 }
+  let(:under_limit) { limit / 2 }
+  let(:over_limit) { limit + 1 }
+
+  let(:page) { Capybara::Node::Simple.new(response.body) }
+  let(:notify_client) { instance_double(Notifications::Client) }
+  let(:devise_notify_mailer) { DeviseNotifyMailer.new }
+
+  before do
+    Rack::Attack.enabled = false
+    allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
+    allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
+    allow(notify_client).to receive(:send_email).and_return(true)
+  end
+
+  context "when a regular user" do
+    let(:params) { { user: { email: } } }
+
+    context "when a password reset is requested for a valid email" do
+      let(:user) { FactoryBot.create(:user) }
+      let(:email) { user.email }
+
+      it "does not throttle" do
+        under_limit.times do
+          post "/users/password", params: params
+          follow_redirect!
+        end
+        expect(last_response.status).to eq(200)
+
+        # post "/users/password", params: params
+        # expect(response).to have_http_status(:redirect)
+        # follow_redirect!
+        # expect(response.body).to match(/Check your email/)
+      end
+    end
+  end
+end
--- a/spec/support/rack_attack.rb
+++ b/spec/support/rack_attack.rb
@ -0,0 +1,3 @@
+RSpec.configure do |config|
+  config.include Rack::Test::Methods # , type: :component <- this bypasses the email empty, but cannot read last_response method
+end