baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Submit social housing lettings and sales data (CORE)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1255 Commits
233 Branches
250 Tags
74 MiB
 
 
 
 
Tree: e6f1672fe4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e6f1672fe4'
${ noResults }
submit-social-housing-letti.../spec/requests/rack_attack_spec.rb

105 lines
3.1 KiB
Raw Blame History

require "rails_helper"
require_relative "../support/devise"
require "rack/attack"
describe "Rack::Attack" do
let(:limit) { 5 }
let(:under_limit) { limit / 2 }
let(:over_limit) { limit + 1 }
let(:page) { Capybara::Node::Simple.new(response.body) }
let(:notify_client) { instance_double(Notifications::Client) }
let(:devise_notify_mailer) { DeviseNotifyMailer.new }
let(:params) { { user: { email: } } }
let(:admin_params) { { admin_user: { email: admin_email } } }
let(:user) { FactoryBot.create(:user) }
let(:admin_user) { FactoryBot.create(:admin_user) }
let(:email) { user.email }
let(:admin_email) { admin_user.email }
before do
Rack::Attack.enabled = true
allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_email).and_return(true)
end
after do
Rack::Attack.enabled = false
Rack::Attack.reset!
end
context "when a password reset is requested" do
context "when the number of requests is under the throttle limit" do
it "does not throttle for a regular user" do
under_limit.times do
post "/account/password", params: params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
it "does not throttle for an admin user" do
under_limit.times do
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
end
context "when the number of requests is at the throttle limit" do
it "does not throttle for a regular user" do
limit.times do
post "/account/password", params: params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
it "does not throttle for an admin user" do
limit.times do
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
it "does not throttle if both endpoints are hit" do
limit.times do
post "/account/password", params: params
follow_redirect!
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(200)
end
end
context "when the number of requests is over the throttle limit" do
it "throttles for a regular user" do
over_limit.times do
post "/account/password", params: params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(429)
end
it "throttles for an admin user" do
over_limit.times do
post "/admin/password", params: admin_params
follow_redirect!
end
last_response = response
expect(last_response.status).to eq(429)
end
end
end
end