SECURITY: Rate limit the creation of backups

This commit is contained in:
Loïc Guitaut
2023-03-14 17:07:18 +01:00
committed by Loïc Guitaut
parent 272c31023d
commit 0bd64788d2
4 changed files with 78 additions and 22 deletions


@ -137,7 +137,10 @@ RSpec.describe Admin::BackupsController do
describe "#create" do
context "when logged in as an admin" do
before { sign_in(admin) }
before do
sign_in(admin)
BackupRestore.stubs(:backup!)
end
it "starts a backup" do
BackupRestore.expects(:backup!).with(
@ -149,6 +152,22 @@ RSpec.describe Admin::BackupsController do
expect(response.status).to eq(200)
end
context "with rate limiting enabled" do
before do
RateLimiter.clear_all!
RateLimiter.enable
end
after { RateLimiter.disable }
it "is rate limited" do
post "/admin/backups.json", params: { with_uploads: false, client_id: "foo" }
post "/admin/backups.json", params: { with_uploads: false, client_id: "foo" }
expect(response).to have_http_status :too_many_requests
end
end
end
shared_examples "backups creation not allowed" do
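Review bot: The "is rate limited" example only asserts that the second `post` returns 429 and never checks that the first request was accepted, so a limiter misconfigured to reject every request would still pass, and a regression that blocks all backup creation would go unnoticed. Add `expect(response).to have_http_status :ok` after the first `post` so the example pins both sides of the limit. Because `BackupRestore.stubs(:backup!)` is in the outer `before`, the first request should complete without running a real backup. The enclosing `describe "#create"` block and the `RSpec.describe` wrapper begin before the hunk, and the limiter's key and window live in the controller, which is not in this hunk, so whether `client_id` influences the keying cannot be confirmed here.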