Add error handling spec

johnnyshields · johnnyshields · commit 954eb2ae19d9 · 2022-03-20T17:34:25.000+09:00
diff --git a/lib/rack/attack.rb b/lib/rack/attack.rb
@@ -32,7 +32,7 @@ class IncompatibleStoreError < Error; end
 
     THREAD_CALLING_KEY = 'rack.attack.calling'
     DEFAULT_FAILURE_COOLDOWN = 60
-    DEFAULT_IGNORED_ERRORS = %w[Redis::BaseError Dalli::DalliError].freeze
+    DEFAULT_IGNORED_ERRORS = %w[Dalli::DalliError Redis::BaseError].freeze
 
     class << self
       attr_accessor :enabled,
diff --git a/spec/acceptance/error_handling_spec.rb b/spec/acceptance/error_handling_spec.rb
@@ -0,0 +1,219 @@
+# frozen_string_literal: true
+
+require_relative "../spec_helper"
+
+describe "error handling" do
+
+  let(:store) do
+    ActiveSupport::Cache::MemoryStore.new
+  end
+
+  before do
+    Rack::Attack.cache.store = store
+
+    Rack::Attack.blocklist("fail2ban pentesters") do |request|
+      Rack::Attack::Fail2Ban.filter(request.ip, maxretry: 0, bantime: 600, findtime: 30) { true }
+    end
+  end
+
+  describe '.ignored_errors' do
+    before do
+      allow(store).to receive(:read).and_raise(RuntimeError)
+    end
+
+    it 'has default value' do
+      assert_equal Rack::Attack.ignored_errors, %w[Dalli::DalliError Redis::BaseError]
+    end
+
+    it 'can get and set value' do
+      Rack::Attack.ignored_errors = %w[Foobar]
+      assert_equal Rack::Attack.ignored_errors, %w[Foobar]
+    end
+
+    it 'can ignore error as Class' do
+      Rack::Attack.ignored_errors = [RuntimeError]
+
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+      assert_equal 200, last_response.status
+    end
+
+    it 'can ignore error ancestor as Class' do
+      Rack::Attack.ignored_errors = [StandardError]
+
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+      assert_equal 200, last_response.status
+    end
+
+    it 'can ignore error as String' do
+      Rack::Attack.ignored_errors = %w[RuntimeError]
+
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+      assert_equal 200, last_response.status
+    end
+
+    it 'can ignore error error ancestor as String' do
+      Rack::Attack.ignored_errors = %w[StandardError]
+
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+      assert_equal 200, last_response.status
+    end
+
+    it 'raises error if not ignored' do
+      assert_raises(RuntimeError) do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      end
+    end
+  end
+
+  describe '.ignored_errors?' do
+
+    it 'can match String or Class' do
+      Rack::Attack.ignored_errors = ['ArgumentError', RuntimeError]
+      assert Rack::Attack.ignored_error?(ArgumentError.new)
+      assert Rack::Attack.ignored_error?(RuntimeError.new)
+      refute Rack::Attack.ignored_error?(StandardError.new)
+    end
+
+    it 'can match Class ancestors' do
+      Rack::Attack.ignored_errors = [StandardError]
+      assert Rack::Attack.ignored_error?(ArgumentError.new)
+      refute Rack::Attack.ignored_error?(Exception.new)
+    end
+
+    it 'can match String ancestors' do
+      Rack::Attack.ignored_errors = ['StandardError']
+      assert Rack::Attack.ignored_error?(ArgumentError.new)
+      refute Rack::Attack.ignored_error?(Exception.new)
+    end
+  end
+
+  describe '.error_handler' do
+    before do
+      Rack::Attack.error_handler = error_handler if defined?(error_handler)
+      allow(store).to receive(:read).and_raise(ArgumentError)
+    end
+
+    it 'can get and set value' do
+      Rack::Attack.error_handler = :test
+      assert_equal Rack::Attack.error_handler, :test
+    end
+
+    describe 'Proc which returns :block' do
+      let(:error_handler) { ->(_error) { :block } }
+
+      it 'blocks the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 403, last_response.status
+      end
+    end
+
+    describe 'Proc which returns :throttle' do
+      let(:error_handler) { ->(_error) { :throttle } }
+
+      it 'throttles the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 429, last_response.status
+      end
+    end
+
+    describe 'Proc which returns :allow' do
+      let(:error_handler) { ->(_error) { :allow } }
+
+      it 'allows the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 200, last_response.status
+      end
+    end
+
+    describe 'Proc which returns nil' do
+      let(:error_handler) { ->(_error) { nil } }
+
+      it 'allows the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 200, last_response.status
+      end
+    end
+
+    describe 'Proc which re-raises the error' do
+      let(:error_handler) { ->(error) { raise error } }
+
+      it 'raises the error' do
+        assert_raises(ArgumentError) do
+          get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+        end
+      end
+    end
+
+    describe ':block' do
+      let(:error_handler) { :block }
+
+      it 'blocks the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 403, last_response.status
+      end
+    end
+
+    describe ':throttle' do
+      let(:error_handler) { :throttle }
+
+      it 'throttles the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 429, last_response.status
+      end
+    end
+
+    describe ':allow' do
+      let(:error_handler) { :allow }
+
+      it 'allows the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 200, last_response.status
+      end
+    end
+
+    describe 'non-nil value' do
+      let(:error_handler) { true }
+
+      it 'allows the request' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 200, last_response.status
+      end
+    end
+
+    describe 'nil' do
+      let(:error_handler) { nil }
+
+      it 'raises the error' do
+        assert_raises(ArgumentError) do
+          get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+        end
+      end
+    end
+
+    describe 'when error ignored' do
+      let(:error_handler) { :throttle }
+
+      before do
+        Rack::Attack.ignored_errors = [ArgumentError]
+      end
+
+      it 'calls handler despite ignored error' do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+        assert_equal 429, last_response.status
+      end
+    end
+  end
+end
diff --git a/spec/acceptance/failure_cooldown_spec.rb b/spec/acceptance/failure_cooldown_spec.rb
@@ -3,7 +3,7 @@
 require_relative "../spec_helper"
 require "timecop"
 
-describe "failure cooldown" do
+describe ".failure_cooldown" do
 
   let(:store) do
     ActiveSupport::Cache::MemoryStore.new
@@ -22,6 +22,15 @@
     end
   end
 
+  it 'has default value' do
+    assert_equal Rack::Attack.failure_cooldown, 60
+  end
+
+  it 'can get and set value' do
+    Rack::Attack.failure_cooldown = 123
+    assert_equal Rack::Attack.failure_cooldown, 123
+  end
+
   it "allows requests for 60 seconds after an internal error" do
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
@@ -93,13 +102,13 @@
     end
   end
 
-  describe 'cooldown feature disabled' do
+  describe 'nil' do
 
     before do
       Rack::Attack.failure_cooldown = nil
     end
 
-    it 'does not activate cooldown' do
+    it 'disables failure cooldown feature' do
       get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
       assert_equal 403, last_response.status
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -37,6 +37,7 @@ class MiniTest::Spec
     Rack::Attack.clear_configuration
     Rack::Attack.instance_variable_set(:@cache, nil)
     Rack::Attack.instance_variable_set(:@last_failure_at, nil)
+    Rack::Attack.error_handler = nil
     Rack::Attack.failure_cooldown = Rack::Attack::DEFAULT_FAILURE_COOLDOWN
     Rack::Attack.ignored_errors = Rack::Attack::DEFAULT_IGNORED_ERRORS.dup
   end
