diff --git a/ee/spec/controllers/ee/search_controller_spec.rb b/ee/spec/controllers/ee/search_controller_spec.rb index 8ce61f1ae1f2e6dc39fcf7a4eb2dfeef1aab3123..8b66d1118a09eccd4b712249ef757e0bad45adb4 100644 --- a/ee/spec/controllers/ee/search_controller_spec.rb +++ b/ee/spec/controllers/ee/search_controller_spec.rb @@ -231,7 +231,7 @@ it_behaves_like 'support for elasticsearch timeouts', :aggregations, { search: 'hello', scope: 'blobs' }, :search_aggregations, :html - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request diff --git a/ee/spec/requests/api/code_suggestions_spec.rb b/ee/spec/requests/api/code_suggestions_spec.rb index 2701441cbbf09ab88ee95fbd729b3daaf896dbb5..3256d93a1ae06339503585b2dda35830f386d2c0 100644 --- a/ee/spec/requests/api/code_suggestions_spec.rb +++ b/ee/spec/requests/api/code_suggestions_spec.rb @@ -145,7 +145,7 @@ end shared_examples_for 'rate limited and tracked endpoint' do |rate_limit_key:, event_name:, metrics_names:| - it_behaves_like 'rate limited endpoint', rate_limit_key: rate_limit_key + it_behaves_like 'rate limited endpoint', rate_limit_key: rate_limit_key, use_second_scope: false it 'tracks rate limit exceeded event' do allow(Gitlab::ApplicationRateLimiter).to receive(:throttled_request?).and_return(true) diff --git a/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb b/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb index 46e3805134dd42c1392a061ea33d2ca168f6571f..8e085ae1ede5ba94bf53b2c3aa1b122a294eb8a2 100644 --- a/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb +++ b/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb 
@@ -201,7 +201,7 @@ it_behaves_like 'successful send request via workhorse' - it_behaves_like 'rate limited endpoint', rate_limit_key: :code_suggestions_x_ray_scan do + it_behaves_like 'rate limited endpoint', rate_limit_key: :code_suggestions_x_ray_scan, use_second_scope: false do def request post api(api_url), params: params, headers: headers end @@ -404,7 +404,9 @@ def request it_behaves_like 'successful request' - it_behaves_like 'rate limited endpoint', rate_limit_key: :code_suggestions_x_ray_dependencies do + it_behaves_like 'rate limited endpoint', + rate_limit_key: :code_suggestions_x_ray_dependencies, + use_second_scope: false do def request post api(api_url), params: params, headers: headers end diff --git a/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb b/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb index 2f58e79fb453c7b5e4972089041a850192894d58..aa8b763e4b47c2e0ac1ad33eedfa75f59e3762f5 100644 --- a/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb +++ b/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb @@ -34,7 +34,8 @@ expect(response.content_type).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_upload do + it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_upload, + use_second_scope: false do def request post api(api_path), params: params, headers: headers.merge(workhorse_headers) end @@ -432,7 +433,8 @@ def request stub_licensed_features(dependency_scanning: true) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_download do + it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_download, + use_second_scope: false do def request get api("/jobs/#{job.id}/sbom_scans/#{sbom_scan.id}"), params: params, headers: headers end 
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index f3117f6a0445c5ef82902d6ba8daa7da4786fbae..3c3aaf855931ed8746ffb3575bdec93e206e7ae1 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -238,7 +238,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :autocomplete_users do + it_behaves_like 'rate limited endpoint', rate_limit_key: :autocomplete_users, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/controllers/import/fogbugz_controller_spec.rb b/spec/controllers/import/fogbugz_controller_spec.rb index cfd3bd6981cb179a42d2f7e32d02dd8564e1c245..b31b4f505383a09f3cc9dfbf6db16ce761d014a0 100644 --- a/spec/controllers/import/fogbugz_controller_spec.rb +++ b/spec/controllers/import/fogbugz_controller_spec.rb @@ -87,7 +87,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :fogbugz_import, with_redirect: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :fogbugz_import, with_redirect: true, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/controllers/import/gitea_controller_spec.rb b/spec/controllers/import/gitea_controller_spec.rb index 63b8206cb69bcdcb6ba98bbb34d97c894489a2ae..22df601fb95aedd25ce03a7ff5f7379fceef002f 100644 --- a/spec/controllers/import/gitea_controller_spec.rb +++ b/spec/controllers/import/gitea_controller_spec.rb @@ -107,7 +107,7 @@ def assign_host_url end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :gitea_import, with_redirect: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :gitea_import, with_redirect: true, use_second_scope: false do let(:token) { 'gitea token' } let(:current_user) { user } 
diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index 88d034f45586556478d8bbaa5b37fe7ca2ff254d..8307c5c0e8c3492889b2ceb6ddbc00a0348e3c4b 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb @@ -397,7 +397,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -583,7 +583,7 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -619,7 +619,7 @@ def request it_behaves_like 'rate limit scope handling', :autocomplete, { term: 'hello' } - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -806,7 +806,8 @@ def request end with_them do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + use_second_scope: false do def request get endpoint, params: params.merge(project_id: project.id) end diff --git a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb index 3bcb98572c3287a229fcb2a3a026f4a67af2e9c3..a3f5cd7e967ca530ae65efeb4f0ad3eb4608ba26 100644 --- a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb +++ b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb 
@@ -105,7 +105,7 @@ end describe 'POST /api/v4/jobs/:id/artifacts/authorize' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:job2) { create(:ci_build, :pending, user: user, project: project, pipeline: pipeline, runner_id: runner.id) } def request @@ -313,7 +313,7 @@ def authorize_artifacts_with_token_in_headers(params = {}, request_headers = hea let(:request) { upload_artifacts(file_upload, headers) } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:job2) { create(:ci_build, :running, user: user, project: project, pipeline: pipeline, runner_id: runner.id) } def request @@ -987,7 +987,7 @@ def expect_use_primary let(:request) { download_artifact } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:current_user) { user } let(:job2) { create(:ci_build, :pending, user: user, project: project, pipeline: pipeline, runner_id: runner.id) } diff --git a/spec/requests/api/ci/runner/jobs_put_spec.rb b/spec/requests/api/ci/runner/jobs_put_spec.rb index a37148728c3f2d6f50c1b27aeb473c8157377947..049e517b365356a8c91ba28430659bd101c7303a 100644 --- a/spec/requests/api/ci/runner/jobs_put_spec.rb +++ b/spec/requests/api/ci/runner/jobs_put_spec.rb @@ -40,7 +40,7 @@ let(:request) { update_job(state: 'success') } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:job2) do create(:ci_build, :pending, user: user, project: project, pipeline: pipeline, runner_id: runner.id) end 
diff --git a/spec/requests/api/ci/runner/jobs_request_post_spec.rb b/spec/requests/api/ci/runner/jobs_request_post_spec.rb index ed8bf0afc283283fd9ab2dbf1e2cbd71148987ec..963325ab0341f2c2bbc76532663cabcd374e6129 100644 --- a/spec/requests/api/ci/runner/jobs_request_post_spec.rb +++ b/spec/requests/api/ci/runner/jobs_request_post_spec.rb @@ -107,7 +107,7 @@ let(:request) { post api('/jobs/request') } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_request_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_request_api do let(:runner2) { create(:ci_runner, :project, projects: [project]) } def request diff --git a/spec/requests/api/ci/runner/jobs_trace_spec.rb b/spec/requests/api/ci/runner/jobs_trace_spec.rb index a7f39c5608121eca10df951c8d3a3701b8dc5648..5d01ba238601003abc17fde614cbde787bc5b1b8 100644 --- a/spec/requests/api/ci/runner/jobs_trace_spec.rb +++ b/spec/requests/api/ci/runner/jobs_trace_spec.rb @@ -44,7 +44,7 @@ } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_patch_trace_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_patch_trace_api do let(:job2) { create(:ci_build, *job_traits, **job_args) } def request diff --git a/spec/requests/api/graphql/issues_spec.rb b/spec/requests/api/graphql/issues_spec.rb index 09d38d31566fa1fe3f9eeaea62ddf6f649b74c4e..40298e9505661410e50b5873d09b8890bc8c838c 100644 --- a/spec/requests/api/graphql/issues_spec.rb +++ b/spec/requests/api/graphql/issues_spec.rb @@ -241,7 +241,8 @@ def pagination_query(params) end context 'with rate limiting' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, graphql: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, graphql: true, + use_second_scope: false do let_it_be(:current_user) { developer } let(:error_message) do 
@@ -253,7 +254,8 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, graphql: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + graphql: true, use_second_scope: false do let_it_be(:current_user) { nil } let(:error_message) do diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 8edc8d50b467937d51c6d829d5a544aaead2b4a0..05565be608e317bab1fd436262f4b31d800320ad 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -133,7 +133,7 @@ def expect_log_keys(caller_id:, route:, root_namespace:) end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :groups_api, use_second_scope: false do def request get api("/groups") end @@ -638,7 +638,7 @@ def response_project_ids(json_response, key) end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_api, use_second_scope: false do def request get api("/groups/#{group2.id}") end @@ -1555,7 +1555,7 @@ def make_upload_request end describe "GET /groups/:id/projects" do - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_projects_api, use_second_scope: false do def request get api("/groups/#{group1.id}/projects") end @@ -2168,7 +2168,7 @@ def request create(:group_group_link, shared_group: other_group, shared_with_group: main_group) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_shared_groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_shared_groups_api, use_second_scope: false do def request get api(path) end 
@@ -2455,7 +2455,7 @@ def request create(:group_group_link, shared_group: main_group, shared_with_group: other_group) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_invited_groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_invited_groups_api, use_second_scope: false do def request get api(path) end diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb index 6e07188536d82e06d13b29aa6e250a1a43a9d0f0..77ec794e9cf407c0428332022ceee9e61f88b63c 100644 --- a/spec/requests/api/members_spec.rb +++ b/spec/requests/api/members_spec.rb @@ -553,7 +553,7 @@ end.to change { source.members.count }.by(-1) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :members_delete do + it_behaves_like 'rate limited endpoint', rate_limit_key: :members_delete, use_second_scope: false do let(:current_user) { maintainer } let(:another_member) { create(:user) } diff --git a/spec/requests/api/namespaces_spec.rb b/spec/requests/api/namespaces_spec.rb index 6fef01e30977a59f07ef3a4f6ce8435093ed84fa..eeeb6b5e40dd1c4ed8e6492778403aaf457600c3 100644 --- a/spec/requests/api/namespaces_spec.rb +++ b/spec/requests/api/namespaces_spec.rb @@ -383,7 +383,7 @@ end context 'when authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :namespace_exists do + it_behaves_like 'rate limited endpoint', rate_limit_key: :namespace_exists, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/requests/api/organizations_spec.rb b/spec/requests/api/organizations_spec.rb index c6ea85de71ee04c141f0c0f4a2c6e8ab0eb28a6e..e76ee7ad3bf2a15085d3cedb9eaba031eedff7e1 100644 --- a/spec/requests/api/organizations_spec.rb +++ b/spec/requests/api/organizations_spec.rb 
@@ -92,7 +92,7 @@ def make_upload_request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :create_organization_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :create_organization_api, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index e1249c941e69dc774a6a4a3773450be8789d04e7..ad67ca6a22d656c283a641b0925e5eccd8211194 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1322,7 +1322,7 @@ let_it_be(:current_user) { create(:user) } context 'when the user is signed in' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api, use_second_scope: false do def request get api(path, current_user) end @@ -1332,7 +1332,7 @@ def request context 'when the user is not signed in' do let_it_be(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api_rate_limit_unauthenticated, use_second_scope: false do def request get api(path, current_user) end @@ -1835,7 +1835,7 @@ def request expect(json_response.map { |project| project['id'] }).to contain_exactly(public_project.id) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_projects_api, use_second_scope: false do def request get api("/users/#{user4.id}/projects/") end @@ -1982,7 +1982,7 @@ def request expect(json_response['message']).to eq('404 User Not Found') end - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_starred_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_starred_projects_api, use_second_scope: false do def request get api(path) end 
@@ -2069,7 +2069,7 @@ def request expect(json_response['message']).to eq('404 User Not Found') end - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_contributed_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_contributed_projects_api, use_second_scope: false do def request get api(path) end @@ -2592,7 +2592,7 @@ def request let(:failed_status_code) { :not_found } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :project_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :project_api, use_second_scope: false do def request get api(path) end @@ -3847,7 +3847,7 @@ def failure_message(diff) create(:project_group_link, group: direct_group2, project: main_project) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :project_invited_groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :project_invited_groups_api, use_second_scope: false do def request get api(path) end diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb index 3fc6ffce5720ff25f49ae999625661f5259a779e..452043b6df82f359adc9dfad6bcbe88081ce21c7 100644 --- a/spec/requests/api/search_spec.rb +++ b/spec/requests/api/search_spec.rb @@ -473,7 +473,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -663,7 +663,7 @@ def request it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics' end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request 
@@ -1061,7 +1061,7 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 53fe235577027121a93bce4673b2422aa9ee7cfc..7424fd321c394dc34f04f9807cf74f4da6c4b11b 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -1111,7 +1111,7 @@ let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status, use_second_scope: false do def request get api(path, current_user) end @@ -1121,7 +1121,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status, use_second_scope: false do def request get api(path, current_user) end @@ -1257,7 +1257,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_followers do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_followers, use_second_scope: false do def request get api(path, current_user) end @@ -1324,7 +1324,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_following do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_following, use_second_scope: false do def request get api(path, current_user) end 
@@ -2602,7 +2602,7 @@ def update_password(user, admin, password = User.random_password) let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys, use_second_scope: false do def request get api(path, current_user) end @@ -2612,7 +2612,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys, use_second_scope: false do def request get api(path, current_user) end @@ -2691,7 +2691,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key, use_second_scope: false do def request get api(path, current_user) end @@ -2701,7 +2701,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key, use_second_scope: false do def request get api(path, current_user) end @@ -2810,7 +2810,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys, use_second_scope: false do def request get api(path, current_user) end 
@@ -2820,7 +2820,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys, use_second_scope: false do def request get api(path, current_user) end @@ -2860,7 +2860,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key, use_second_scope: false do def request get api(path, current_user) end @@ -2870,7 +2870,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key, use_second_scope: false do def request get api(path, current_user) end diff --git a/spec/requests/dashboard_controller_spec.rb b/spec/requests/dashboard_controller_spec.rb index 2d98e6e455cb14396e8ef246427f26c059b5e640..7f5f0cac71c39967ecaa40e8067147e5f38724a3 100644 --- a/spec/requests/dashboard_controller_spec.rb +++ b/spec/requests/dashboard_controller_spec.rb @@ -14,7 +14,7 @@ end context 'issues dashboard' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let_it_be(:current_user) { create(:user) } before do @@ -34,7 +34,7 @@ def request sign_in current_user end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do def request get merge_requests_dashboard_path, params: { scope: 'all', search: 'test' } end 
@@ -48,7 +48,7 @@ def request end context 'search merge requests dashboard' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let_it_be(:current_user) { create(:user) } before do diff --git a/spec/requests/projects/commit_controller_spec.rb b/spec/requests/projects/commit_controller_spec.rb index a806feb2006ef208f81c1c60be7ded4c301d3565..404b636746fb0d93059a752585690913975f2963 100644 --- a/spec/requests/projects/commit_controller_spec.rb +++ b/spec/requests/projects/commit_controller_spec.rb @@ -164,7 +164,7 @@ end context 'with signed in user' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files do + it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files, use_second_scope: false do let_it_be(:current_user) { user } before do @@ -178,7 +178,7 @@ def request end context 'without a signed in user' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files do + it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files, use_second_scope: false do let_it_be(:project) { create(:project, :public, :repository) } let(:request_ip) { '1.2.3.4' } diff --git a/spec/requests/projects/merge_requests_controller_spec.rb b/spec/requests/projects/merge_requests_controller_spec.rb index e5b44f1ebec882436e3152a24420aa9147c017c5..7e9b99586f7b7d655f4c78411a512683b8546979 100644 --- a/spec/requests/projects/merge_requests_controller_spec.rb +++ b/spec/requests/projects/merge_requests_controller_spec.rb @@ -95,7 +95,7 @@ describe 'GET #index' do let_it_be(:public_project) { create(:project, :public) } - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let_it_be(:current_user) { user } before do 
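Review bot: Passing `use_second_scope: false` to the unauthenticated `expanded_diff_files` group (the `@@ -178` hunk of `commit_controller_spec.rb`) opts out of the second-scope check exactly where scope matters most: that group already sets `let(:request_ip) { '1.2.3.4' }`, which suggests the `expanded_diff_files` limit for anonymous callers is keyed by client IP, so a second-scope request from a different IP would show that one anonymous client exhausting the limit neither throttles other clients nor can escape the limit by changing source address. If the spec's `request` helper does route `request_ip` into the request (not visible in this hunk), consider keeping the new default instead and adding something like `def request_with_second_scope` that issues the same `get` with a second `request_ip`, rather than disabling the check. The same consideration applies to the other `*_unauthenticated` groups this commit opts out. The enclosing `context 'without a signed in user'` block continues outside the hunk.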
@@ -107,7 +107,8 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + use_second_scope: false do def request get project_merge_requests_path(public_project), params: { scope: 'all', search: 'test' } end diff --git a/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb b/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb index dfd1c52b9f43f30c085b5f95b823ffd57a919511..acab54c9a34818f0ecd14e057a8988ea3e298cc6 100644 --- a/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb +++ b/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb @@ -8,9 +8,16 @@ # - error_message # optional RSpec.shared_examples 'rate limited endpoint' do |rate_limit_key:, graphql: false, with_redirect: false, - use_second_scope: false| + use_second_scope: true| let(:error_message) { _('This endpoint has been requested too many times. Try again later.') } + before do + if use_second_scope && !respond_to?(:request_with_second_scope) + raise "The 'rate limited endpoint' shared example requires a 'request_with_second_scope' method " \ + "when use_second_scope is true. Please define this method in your test context." + end + end + context 'when rate limiter enabled', :freeze_time, :clean_gitlab_redis_rate_limiting do let(:expected_logger_attributes) do { diff --git a/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb b/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb index aefcdc70082b718245609f60c4cf23591c416e20..4a2002bf3e64946fc5cd01bf08fe171cbca043f3 100644 --- a/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb +++ b/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb 
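Review bot: The new guard in `rate_limited_endpoint_shared_examples.rb` lives in a `before` hook, so a caller that forgets `request_with_second_scope` is not rejected once when the group is defined but fails every example of the shared group at run time with a bare `RuntimeError`; `ArgumentError` would better describe a misuse of the shared example's parameters, and if the installed RSpec evaluates the caller's customization block before the shared body (worth confirming), a definition-time `method_defined?(:request_with_second_scope)` check would surface the mistake once and earlier. Flipping the default to `use_second_scope: true` is the intended tightening (any `it_behaves_like 'rate limited endpoint'` not touched by this commit, including specs outside this diff, must now define the method or opt out explicitly), but the header comment above the definition, which enumerates the `request` and optional `error_message` helpers, is not updated to say so. Proposed addition to that comment: `# - request_with_second_scope # required unless use_second_scope: false; presumably issues the same request under a different rate-limit scope (other user/IP/runner)`. The `context 'when rate limiter enabled'` that the hunk opens continues outside the hunk.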
@@ -5,7 +5,7 @@ # - params RSpec.shared_examples 'search request exceeding rate limit' do - include_examples 'rate limited endpoint', rate_limit_key: :search_rate_limit + include_examples 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false it 'allows user in allow-list to search without applying rate limit', :freeze_time, :clean_gitlab_redis_rate_limiting do diff --git a/spec/support/shared_examples/requests/api/hooks_shared_examples.rb b/spec/support/shared_examples/requests/api/hooks_shared_examples.rb index 677867f29a43b90af1679fc62db63ae223bf5893..eb158449a7f847297acb56effc86e15f5208c033 100644 --- a/spec/support/shared_examples/requests/api/hooks_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/hooks_shared_examples.rb @@ -670,7 +670,7 @@ def hook_param_overrides stub_full_request(hook.url, method: :post).to_return(status: 200) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_test do + it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_test, use_second_scope: false do let(:current_user) { user } def request @@ -901,7 +901,7 @@ def request let_it_be(:log) { create(:web_hook_log, web_hook: hook, response_status: '404') } - it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_event_resend do + it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_event_resend, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb b/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb index f06a80375e8d83c6efdd8fdc981f66f4f6a43960..0eff2e9ac5d8a79947fe35564c948089d1e5bc99 100644 --- a/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb 
@@ -1,7 +1,7 @@ # frozen_string_literal: true RSpec.shared_examples 'issuable API rate-limited search' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -9,7 +9,8 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + use_second_scope: false do def request get api(url), params: { scope: 'all', search: issuable.title } end