From 73a05308a73ccbccd9d201396ef3fed91cd7a378 Mon Sep 17 00:00:00 2001 From: Pedro Pombeiro Date: Sat, 27 Sep 2025 06:58:45 +0200 Subject: [PATCH] Default to require second scope on rate limiter specs --- .../controllers/ee/search_controller_spec.rb | 2 +- ee/spec/requests/api/code_suggestions_spec.rb | 2 +- .../api/internal/ai/x_ray/scan_spec.rb | 6 +++-- .../vulnerability_scanning/sbom_scans_spec.rb | 6 +++-- .../autocomplete_controller_spec.rb | 2 +- .../import/fogbugz_controller_spec.rb | 2 +- .../import/gitea_controller_spec.rb | 2 +- spec/controllers/search_controller_spec.rb | 9 +++---- .../api/ci/runner/jobs_artifacts_spec.rb | 6 ++--- spec/requests/api/ci/runner/jobs_put_spec.rb | 2 +- .../api/ci/runner/jobs_request_post_spec.rb | 2 +- .../requests/api/ci/runner/jobs_trace_spec.rb | 2 +- spec/requests/api/graphql/issues_spec.rb | 6 +++-- spec/requests/api/groups_spec.rb | 10 ++++---- spec/requests/api/members_spec.rb | 2 +- spec/requests/api/namespaces_spec.rb | 2 +- spec/requests/api/organizations_spec.rb | 2 +- spec/requests/api/projects_spec.rb | 14 +++++------ spec/requests/api/search_spec.rb | 6 ++--- spec/requests/api/users_spec.rb | 24 +++++++++---------- spec/requests/dashboard_controller_spec.rb | 6 ++--- .../projects/commit_controller_spec.rb | 4 ++-- .../merge_requests_controller_spec.rb | 5 ++-- .../rate_limited_endpoint_shared_examples.rb | 9 ++++++- .../search_rate_limit_shared_examples.rb | 2 +- .../requests/api/hooks_shared_examples.rb | 4 ++-- .../api/issuable_search_shared_examples.rb | 5 ++-- 27 files changed, 80 insertions(+), 64 deletions(-) diff --git a/ee/spec/controllers/ee/search_controller_spec.rb b/ee/spec/controllers/ee/search_controller_spec.rb index 8ce61f1ae1f2e6..8b66d1118a09ec 100644 --- a/ee/spec/controllers/ee/search_controller_spec.rb +++ b/ee/spec/controllers/ee/search_controller_spec.rb 
@@ -231,7 +231,7 @@ it_behaves_like 'support for elasticsearch timeouts', :aggregations, { search: 'hello', scope: 'blobs' }, :search_aggregations, :html - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request diff --git a/ee/spec/requests/api/code_suggestions_spec.rb b/ee/spec/requests/api/code_suggestions_spec.rb index 2701441cbbf09a..3256d93a1ae063 100644 --- a/ee/spec/requests/api/code_suggestions_spec.rb +++ b/ee/spec/requests/api/code_suggestions_spec.rb @@ -145,7 +145,7 @@ end shared_examples_for 'rate limited and tracked endpoint' do |rate_limit_key:, event_name:, metrics_names:| - it_behaves_like 'rate limited endpoint', rate_limit_key: rate_limit_key + it_behaves_like 'rate limited endpoint', rate_limit_key: rate_limit_key, use_second_scope: false it 'tracks rate limit exceeded event' do allow(Gitlab::ApplicationRateLimiter).to receive(:throttled_request?).and_return(true) diff --git a/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb b/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb index 46e3805134dd42..8e085ae1ede5ba 100644 --- a/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb +++ b/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb @@ -201,7 +201,7 @@ it_behaves_like 'successful send request via workhorse' - it_behaves_like 'rate limited endpoint', rate_limit_key: :code_suggestions_x_ray_scan do + it_behaves_like 'rate limited endpoint', rate_limit_key: :code_suggestions_x_ray_scan, use_second_scope: false do def request post api(api_url), params: params, headers: headers end 
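Review bot: The `rate limited and tracked endpoint` wrapper in code_suggestions_spec.rb now hard-codes `use_second_scope: false`, so every code-suggestions endpoint that includes it is permanently opted out of the scope-isolation check and cannot opt back in without bypassing the wrapper. Thread the flag through instead, keeping today's behaviour as the default: `shared_examples_for 'rate limited and tracked endpoint' do |rate_limit_key:, event_name:, metrics_names:, use_second_scope: false|` and `it_behaves_like 'rate limited endpoint', rate_limit_key: rate_limit_key, use_second_scope: use_second_scope`. A future spec can then define `request_with_second_scope` and pass `use_second_scope: true` to prove that one user's throttle does not bleed into another's. The same pattern applies to the `search request exceeding rate limit` and `issuable API rate-limited search` wrappers later in this patch.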
@@ -404,7 +404,9 @@ def request it_behaves_like 'successful request' - it_behaves_like 'rate limited endpoint', rate_limit_key: :code_suggestions_x_ray_dependencies do + it_behaves_like 'rate limited endpoint', + rate_limit_key: :code_suggestions_x_ray_dependencies, + use_second_scope: false do def request post api(api_url), params: params, headers: headers end diff --git a/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb b/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb index 2f58e79fb453c7..aa8b763e4b47c2 100644 --- a/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb +++ b/ee/spec/requests/api/security/vulnerability_scanning/sbom_scans_spec.rb @@ -34,7 +34,8 @@ expect(response.content_type).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_upload do + it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_upload, + use_second_scope: false do def request post api(api_path), params: params, headers: headers.merge(workhorse_headers) end @@ -432,7 +433,8 @@ def request stub_licensed_features(dependency_scanning: true) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_download do + it_behaves_like 'rate limited endpoint', rate_limit_key: :dependency_scanning_sbom_scan_api_download, + use_second_scope: false do def request get api("/jobs/#{job.id}/sbom_scans/#{sbom_scan.id}"), params: params, headers: headers end diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index f3117f6a0445c5..3c3aaf855931ed 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb 
@@ -238,7 +238,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :autocomplete_users do + it_behaves_like 'rate limited endpoint', rate_limit_key: :autocomplete_users, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/controllers/import/fogbugz_controller_spec.rb b/spec/controllers/import/fogbugz_controller_spec.rb index cfd3bd6981cb17..b31b4f505383a0 100644 --- a/spec/controllers/import/fogbugz_controller_spec.rb +++ b/spec/controllers/import/fogbugz_controller_spec.rb @@ -87,7 +87,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :fogbugz_import, with_redirect: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :fogbugz_import, with_redirect: true, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/controllers/import/gitea_controller_spec.rb b/spec/controllers/import/gitea_controller_spec.rb index 63b8206cb69bcd..22df601fb95aed 100644 --- a/spec/controllers/import/gitea_controller_spec.rb +++ b/spec/controllers/import/gitea_controller_spec.rb @@ -107,7 +107,7 @@ def assign_host_url end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :gitea_import, with_redirect: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :gitea_import, with_redirect: true, use_second_scope: false do let(:token) { 'gitea token' } let(:current_user) { user } diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index 88d034f4558655..8307c5c0e8c349 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb @@ -397,7 +397,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request 
@@ -583,7 +583,7 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -619,7 +619,7 @@ def request it_behaves_like 'rate limit scope handling', :autocomplete, { term: 'hello' } - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -806,7 +806,8 @@ def request end with_them do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + use_second_scope: false do def request get endpoint, params: params.merge(project_id: project.id) end diff --git a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb index 3bcb98572c3287..a3f5cd7e967ca5 100644 --- a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb +++ b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb @@ -105,7 +105,7 @@ end describe 'POST /api/v4/jobs/:id/artifacts/authorize' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:job2) { create(:ci_build, :pending, user: user, project: project, pipeline: pipeline, runner_id: runner.id) } def request 
@@ -313,7 +313,7 @@ def authorize_artifacts_with_token_in_headers(params = {}, request_headers = hea let(:request) { upload_artifacts(file_upload, headers) } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:job2) { create(:ci_build, :running, user: user, project: project, pipeline: pipeline, runner_id: runner.id) } def request @@ -987,7 +987,7 @@ def expect_use_primary let(:request) { download_artifact } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:current_user) { user } let(:job2) { create(:ci_build, :pending, user: user, project: project, pipeline: pipeline, runner_id: runner.id) } diff --git a/spec/requests/api/ci/runner/jobs_put_spec.rb b/spec/requests/api/ci/runner/jobs_put_spec.rb index a37148728c3f2d..049e517b365356 100644 --- a/spec/requests/api/ci/runner/jobs_put_spec.rb +++ b/spec/requests/api/ci/runner/jobs_put_spec.rb @@ -40,7 +40,7 @@ let(:request) { update_job(state: 'success') } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_api do let(:job2) do create(:ci_build, :pending, user: user, project: project, pipeline: pipeline, runner_id: runner.id) end diff --git a/spec/requests/api/ci/runner/jobs_request_post_spec.rb b/spec/requests/api/ci/runner/jobs_request_post_spec.rb index ed8bf0afc28328..963325ab0341f2 100644 --- a/spec/requests/api/ci/runner/jobs_request_post_spec.rb +++ b/spec/requests/api/ci/runner/jobs_request_post_spec.rb 
@@ -107,7 +107,7 @@ let(:request) { post api('/jobs/request') } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_request_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_request_api do let(:runner2) { create(:ci_runner, :project, projects: [project]) } def request diff --git a/spec/requests/api/ci/runner/jobs_trace_spec.rb b/spec/requests/api/ci/runner/jobs_trace_spec.rb index a7f39c5608121e..5d01ba23860100 100644 --- a/spec/requests/api/ci/runner/jobs_trace_spec.rb +++ b/spec/requests/api/ci/runner/jobs_trace_spec.rb @@ -44,7 +44,7 @@ } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_patch_trace_api, use_second_scope: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :runner_jobs_patch_trace_api do let(:job2) { create(:ci_build, *job_traits, **job_args) } def request diff --git a/spec/requests/api/graphql/issues_spec.rb b/spec/requests/api/graphql/issues_spec.rb index 09d38d31566fa1..40298e95056614 100644 --- a/spec/requests/api/graphql/issues_spec.rb +++ b/spec/requests/api/graphql/issues_spec.rb @@ -241,7 +241,8 @@ def pagination_query(params) end context 'with rate limiting' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, graphql: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, graphql: true, + use_second_scope: false do let_it_be(:current_user) { developer } let(:error_message) do @@ -253,7 +254,8 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, graphql: true do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + graphql: true, use_second_scope: false do let_it_be(:current_user) { nil } let(:error_message) do diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 8edc8d50b46793..05565be608e317 100644 
--- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -133,7 +133,7 @@ def expect_log_keys(caller_id:, route:, root_namespace:) end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :groups_api, use_second_scope: false do def request get api("/groups") end @@ -638,7 +638,7 @@ def response_project_ids(json_response, key) end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_api, use_second_scope: false do def request get api("/groups/#{group2.id}") end @@ -1555,7 +1555,7 @@ def make_upload_request end describe "GET /groups/:id/projects" do - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_projects_api, use_second_scope: false do def request get api("/groups/#{group1.id}/projects") end @@ -2168,7 +2168,7 @@ def request create(:group_group_link, shared_group: other_group, shared_with_group: main_group) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_shared_groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_shared_groups_api, use_second_scope: false do def request get api(path) end @@ -2455,7 +2455,7 @@ def request create(:group_group_link, shared_group: main_group, shared_with_group: other_group) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :group_invited_groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :group_invited_groups_api, use_second_scope: false do def request get api(path) end diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb index 6e07188536d82e..77ec794e9cf407 100644 --- a/spec/requests/api/members_spec.rb +++ b/spec/requests/api/members_spec.rb 
@@ -553,7 +553,7 @@ end.to change { source.members.count }.by(-1) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :members_delete do + it_behaves_like 'rate limited endpoint', rate_limit_key: :members_delete, use_second_scope: false do let(:current_user) { maintainer } let(:another_member) { create(:user) } diff --git a/spec/requests/api/namespaces_spec.rb b/spec/requests/api/namespaces_spec.rb index 6fef01e30977a5..eeeb6b5e40dd1c 100644 --- a/spec/requests/api/namespaces_spec.rb +++ b/spec/requests/api/namespaces_spec.rb @@ -383,7 +383,7 @@ end context 'when authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :namespace_exists do + it_behaves_like 'rate limited endpoint', rate_limit_key: :namespace_exists, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/requests/api/organizations_spec.rb b/spec/requests/api/organizations_spec.rb index c6ea85de71ee04..e76ee7ad3bf2a1 100644 --- a/spec/requests/api/organizations_spec.rb +++ b/spec/requests/api/organizations_spec.rb @@ -92,7 +92,7 @@ def make_upload_request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :create_organization_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :create_organization_api, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index e1249c941e69dc..ad67ca6a22d656 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1322,7 +1322,7 @@ let_it_be(:current_user) { create(:user) } context 'when the user is signed in' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api, use_second_scope: false do def request get api(path, current_user) end 
@@ -1332,7 +1332,7 @@ def request context 'when the user is not signed in' do let_it_be(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :projects_api_rate_limit_unauthenticated, use_second_scope: false do def request get api(path, current_user) end @@ -1835,7 +1835,7 @@ def request expect(json_response.map { |project| project['id'] }).to contain_exactly(public_project.id) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_projects_api, use_second_scope: false do def request get api("/users/#{user4.id}/projects/") end @@ -1982,7 +1982,7 @@ def request expect(json_response['message']).to eq('404 User Not Found') end - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_starred_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_starred_projects_api, use_second_scope: false do def request get api(path) end @@ -2069,7 +2069,7 @@ def request expect(json_response['message']).to eq('404 User Not Found') end - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_contributed_projects_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_contributed_projects_api, use_second_scope: false do def request get api(path) end @@ -2592,7 +2592,7 @@ def request let(:failed_status_code) { :not_found } end - it_behaves_like 'rate limited endpoint', rate_limit_key: :project_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :project_api, use_second_scope: false do def request get api(path) end 
@@ -3847,7 +3847,7 @@ def failure_message(diff) create(:project_group_link, group: direct_group2, project: main_project) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :project_invited_groups_api do + it_behaves_like 'rate limited endpoint', rate_limit_key: :project_invited_groups_api, use_second_scope: false do def request get api(path) end diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb index 3fc6ffce5720ff..452043b6df82f3 100644 --- a/spec/requests/api/search_spec.rb +++ b/spec/requests/api/search_spec.rb @@ -473,7 +473,7 @@ end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -663,7 +663,7 @@ def request it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics' end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -1061,7 +1061,7 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 53fe2355770271..7424fd321c394d 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -1111,7 +1111,7 @@ let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status, use_second_scope: false do def request get api(path, current_user) end 
@@ -1121,7 +1121,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_status, use_second_scope: false do def request get api(path, current_user) end @@ -1257,7 +1257,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_followers do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_followers, use_second_scope: false do def request get api(path, current_user) end @@ -1324,7 +1324,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_following do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_following, use_second_scope: false do def request get api(path, current_user) end @@ -2602,7 +2602,7 @@ def update_password(user, admin, password = User.random_password) let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys, use_second_scope: false do def request get api(path, current_user) end @@ -2612,7 +2612,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_keys, use_second_scope: false do def request get api(path, current_user) end 
@@ -2691,7 +2691,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key, use_second_scope: false do def request get api(path, current_user) end @@ -2701,7 +2701,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_ssh_key, use_second_scope: false do def request get api(path, current_user) end @@ -2810,7 +2810,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys, use_second_scope: false do def request get api(path, current_user) end @@ -2820,7 +2820,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_keys, use_second_scope: false do def request get api(path, current_user) end @@ -2860,7 +2860,7 @@ def request let(:request) { get api(path, current_user) } context 'when user is authenticated' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key, use_second_scope: false do def request get api(path, current_user) end @@ -2870,7 +2870,7 @@ def request context 'when user is unauthenticated' do let(:current_user) { nil } - it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key do + it_behaves_like 'rate limited endpoint', rate_limit_key: :user_gpg_key, use_second_scope: false do def request get api(path, current_user) end 
diff --git a/spec/requests/dashboard_controller_spec.rb b/spec/requests/dashboard_controller_spec.rb index 2d98e6e455cb14..7f5f0cac71c399 100644 --- a/spec/requests/dashboard_controller_spec.rb +++ b/spec/requests/dashboard_controller_spec.rb @@ -14,7 +14,7 @@ end context 'issues dashboard' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let_it_be(:current_user) { create(:user) } before do @@ -34,7 +34,7 @@ def request sign_in current_user end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do def request get merge_requests_dashboard_path, params: { scope: 'all', search: 'test' } end @@ -48,7 +48,7 @@ def request end context 'search merge requests dashboard' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let_it_be(:current_user) { create(:user) } before do diff --git a/spec/requests/projects/commit_controller_spec.rb b/spec/requests/projects/commit_controller_spec.rb index a806feb2006ef2..404b636746fb0d 100644 --- a/spec/requests/projects/commit_controller_spec.rb +++ b/spec/requests/projects/commit_controller_spec.rb @@ -164,7 +164,7 @@ end context 'with signed in user' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files do + it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files, use_second_scope: false do let_it_be(:current_user) { user } before do 
@@ -178,7 +178,7 @@ def request end context 'without a signed in user' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files do + it_behaves_like 'rate limited endpoint', rate_limit_key: :expanded_diff_files, use_second_scope: false do let_it_be(:project) { create(:project, :public, :repository) } let(:request_ip) { '1.2.3.4' } diff --git a/spec/requests/projects/merge_requests_controller_spec.rb b/spec/requests/projects/merge_requests_controller_spec.rb index e5b44f1ebec882..7e9b99586f7b7d 100644 --- a/spec/requests/projects/merge_requests_controller_spec.rb +++ b/spec/requests/projects/merge_requests_controller_spec.rb @@ -95,7 +95,7 @@ describe 'GET #index' do let_it_be(:public_project) { create(:project, :public) } - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let_it_be(:current_user) { user } before do @@ -107,7 +107,8 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + use_second_scope: false do def request get project_merge_requests_path(public_project), params: { scope: 'all', search: 'test' } end diff --git a/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb b/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb index dfd1c52b9f43f3..acab54c9a34818 100644 --- a/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb +++ b/spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb 
@@ -8,9 +8,16 @@ # - error_message # optional RSpec.shared_examples 'rate limited endpoint' do |rate_limit_key:, graphql: false, with_redirect: false, - use_second_scope: false| + use_second_scope: true| let(:error_message) { _('This endpoint has been requested too many times. Try again later.') } + before do + if use_second_scope && !respond_to?(:request_with_second_scope) + raise "The 'rate limited endpoint' shared example requires a 'request_with_second_scope' method " \ + "when use_second_scope is true. Please define this method in your test context." + end + end + context 'when rate limiter enabled', :freeze_time, :clean_gitlab_redis_rate_limiting do let(:expected_logger_attributes) do { diff --git a/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb b/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb index aefcdc70082b71..4a2002bf3e6494 100644 --- a/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb +++ b/spec/support/shared_examples/controllers/search_rate_limit_shared_examples.rb @@ -5,7 +5,7 @@ # - params RSpec.shared_examples 'search request exceeding rate limit' do - include_examples 'rate limited endpoint', rate_limit_key: :search_rate_limit + include_examples 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false it 'allows user in allow-list to search without applying rate limit', :freeze_time, :clean_gitlab_redis_rate_limiting do diff --git a/spec/support/shared_examples/requests/api/hooks_shared_examples.rb b/spec/support/shared_examples/requests/api/hooks_shared_examples.rb index 677867f29a43b9..eb158449a7f847 100644 --- a/spec/support/shared_examples/requests/api/hooks_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/hooks_shared_examples.rb 
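Review bot: The header comment that lists what an including spec must define (the hunk's first context line is its `# - error_message # optional` entry; the rest of that list is above the hunk) is not updated for the new default, so a reader only discovers `request_with_second_scope` from the runtime raise. Add an entry alongside the others, e.g. `# - request_with_second_scope # required unless use_second_scope: false`, and a one-line statement of what the second request is meant to prove (presumably that the throttle key is partitioned per scope, so exhausting one job's or user's budget does not throttle another — confirm against the context below the hunk). The `before` hook is the right place for the check rather than definition time, since, as far as I recall rspec's `include_in`, the customization block passed to `it_behaves_like` is evaluated after the shared body, so `respond_to?` is only reliable once the group is fully built; a short comment saying so would stop someone "optimising" it into a `method_defined?` check that always fails. Also worth noting in the commit that every existing caller in this patch opts out with `use_second_scope: false`, so the stricter default only affects newly written specs and the per-endpoint opt-outs are where scope coverage is still missing.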
@@ -670,7 +670,7 @@ def hook_param_overrides stub_full_request(hook.url, method: :post).to_return(status: 200) end - it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_test do + it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_test, use_second_scope: false do let(:current_user) { user } def request @@ -901,7 +901,7 @@ def request let_it_be(:log) { create(:web_hook_log, web_hook: hook, response_status: '404') } - it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_event_resend do + it_behaves_like 'rate limited endpoint', rate_limit_key: :web_hook_event_resend, use_second_scope: false do let(:current_user) { user } def request diff --git a/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb b/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb index f06a80375e8d83..0eff2e9ac5d8a7 100644 --- a/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/issuable_search_shared_examples.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true RSpec.shared_examples 'issuable API rate-limited search' do - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit, use_second_scope: false do let(:current_user) { user } def request @@ -9,7 +9,8 @@ def request end end - it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated, + use_second_scope: false do def request get api(url), params: { scope: 'all', search: issuable.title } end -- GitLab