FEATURE: new site setting for max logins per ip per hour/minute

2025-05-22 20:31:15 +08:00 · 2017-02-21 22:53:35 +05:30
parent c216f59eaa
commit cba51e1c38
4 changed files with 31 additions and 3 deletions
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -659,6 +659,23 @@ describe SessionController do
        end
      end
    end
+
+    context 'rate limited' do
+      it 'rate limits login' do
+        SiteSetting.max_logins_per_ip_per_hour = 2
+        RateLimiter.stubs(:disabled?).returns(false)
+        RateLimiter.clear_all!
+
+        2.times do
+          xhr :post, :create, login: user.username, password: 'myawesomepassword'
+          expect(response).to be_success
+        end
+        xhr :post, :create, login: user.username, password: 'myawesomepassword'
+        expect(response).not_to be_success
+        json = JSON.parse(response.body)
+        expect(json["error_type"]).to eq("rate_limit")
+      end
+    end
  end

  describe '.destroy' do