From a2800079645c7dd240657969c2825a413a7b1d3f Mon Sep 17 00:00:00 2001
From: Alexander Machehin
Date: Wed, 26 Dec 2012 20:30:05 +0600
Subject: [PATCH] [refs #796] add more specs
---
 spec/integration/api_defender_spec.rb | 47 +++++++++++++++++++++------
 1 file changed, 37 insertions(+), 10 deletions(-)
diff --git a/spec/integration/api_defender_spec.rb b/spec/integration/api_defender_spec.rb
index ab778bf65..f1597eb0a 100644
--- a/spec/integration/api_defender_spec.rb
+++ b/spec/integration/api_defender_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe ApiDefender do
   def get_basic_auth user = @user, by_token = false
     u,pass = if by_token
-      [user.authenticate_token, '']
+      [user.authentication_token, '']
     else
       [user.uname, '123456']
     end
@@ -14,8 +14,9 @@ describe ApiDefender do
     stub_symlink_methods && stub_redis
     @redis = Redis.new
     @password = '123456'
+    @rate_limit = 3 # dont forget change in max_per_window
-    ApiDefender.class_eval { def cache; Redis.new; end }
+    ApiDefender.class_eval("def cache; Redis.new; end; def max_per_window; return #{@rate_limit}; end;")
   end
 
   before(:each) do
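Review bot: The string-form `ApiDefender.class_eval("def cache; Redis.new; end; def max_per_window; return #{@rate_limit}; end;")` builds code from text only to bake in a value that a closure could carry, and the `# dont forget change in max_per_window` comment on the line above it is misleading — the interpolation already keeps the two in step, so a reader looking for a second place to edit will not find one. A block form with `define_method` closing over a local expresses the same override without evaluating a string and makes the coupling visible; the sketch below replaces the two added lines. This redefinition also sits in what looks like a `before(:all)` whose opening is outside the hunk and is never undone, so `max_per_window` stays at 3 for every later example in the same process that reaches ApiDefender; if other specs depend on the real value, an `after(:all)` restoring it would be needed.
```ruby
    # … unchanged: stub_symlink_methods, @redis, @password …
    @rate_limit = 3
    limit = @rate_limit
    ApiDefender.class_eval do
      define_method(:cache) { Redis.new }
      define_method(:max_per_window) { limit }
    end
```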
@@ -28,30 +29,56 @@ describe ApiDefender do
   it "should return the total limit" do
     get "/api/v1/users/#{@user.id}.json"
-    response.headers['X-RateLimit-Limit'].should == '500'
-
+    response.headers['X-RateLimit-Limit'].should == @rate_limit.to_s
   end
 
-  it "should return the correct limit usage" do
+  it "should return the correct limit usage for anonymous user" do
     get "/api/v1/users/#{@user.id}.json"
-    response.headers['X-RateLimit-Remaining'].should == '499'
+    response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
   end
 
   it "should return the correct limit usage for auth user" do
-    # get "/api/v1/users/#{@user.id}.json"
     get("/api/v1/users/#{@user.id}.json", {'HTTP_AUTHORIZATION' => get_basic_auth})
-    response.headers['X-RateLimit-Remaining'].should == '499'
+    response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
   end
 
   it "should return the correct limit usage for auth user after anonymous access" do
     get "/api/v1/users/#{@user.id}.json"
     get("/api/v1/users/#{@user.id}.json", {}, {'HTTP_AUTHORIZATION' => get_basic_auth})
-    response.headers['X-RateLimit-Remaining'].should == '499'
+    response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
   end
 
   it "should return the correct limit usage for anonymous user after authenticated access" do
     get("/api/v1/users/#{@user.id}.json", {}, {'HTTP_AUTHORIZATION' => get_basic_auth})
     get "/api/v1/users/#{@user.id}.json"
-    response.headers['X-RateLimit-Remaining'].should == '498'
+    response.headers['X-RateLimit-Remaining'].should == (@rate_limit-2).to_s
+  end
+
+  it "should forbidden anonymous user after exceeding limit rate" do
+    (@rate_limit+1).times {get "/api/v1/users/#{@user.id}.json"}
+    response.status.should == 403
+  end
+
+  it "should forbidden user after exceeding limit rate" do
+    (@rate_limit+1).times {get "/api/v1/users/#{@user.id}.json", {}, {'HTTP_AUTHORIZATION' => get_basic_auth}}
+    response.status.should == 403
+  end
+
+  it "should not forbidden user after exceeding limit rate of 
the anonymous" do
+    (@rate_limit+1).times {get "/api/v1/users/#{@user.id}.json"}
+    get("/api/v1/users/#{@user.id}.json", {}, {'HTTP_AUTHORIZATION' => get_basic_auth})
+    response.status.should == 200
+  end
+
+  it "should not return the limit usage for system user" do
+    get("/api/v1/users/#{@user.id}.json", {}, {'HTTP_AUTHORIZATION' => get_basic_auth(@system_user, true)})
+    response.headers['X-RateLimit-Limit'].should_not == @rate_limit.to_s
+  end
+
+  it "should not forbidden system user" do
+    (@rate_limit+1).times do
+      get "/api/v1/users/#{@user.id}.json", {}, {'HTTP_AUTHORIZATION' => get_basic_auth(@system_user, true)}
+    end
+    response.status.should == 200
   end
 end
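Review bot: The two new `should forbidden … after exceeding limit rate` examples only look at the response after `@rate_limit+1` requests, so they would also pass if the limiter already rejected the `@rate_limit`-th request — the window boundary is exactly the off-by-one a rate-limit spec should pin. Run `@rate_limit.times { get "/api/v1/users/#{@user.id}.json" }` first, assert `response.status.should == 200`, and only then issue the extra request that must yield 403. In the system-user example, `response.headers['X-RateLimit-Limit'].should_not == @rate_limit.to_s` passes for any value other than "3", including a header present with the default limit; if the intent is that no limit header is emitted for the system user, `response.headers['X-RateLimit-Limit'].should be_nil` states that directly. The reset of the Redis counters between examples happens in a `before(:each)` outside this hunk, so the per-example independence these counts rely on cannot be confirmed from here.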