FIX: return 429 when admin api key is limited on admin route

This also handles a general case where exceptions leak out prior to being handled by the application controller
Sam
2018-01-12 14:15:10 +11:00
parent dcbaf2f213
commit 49ed382c2a
39 changed files with 322 additions and 349 deletions


@@ -2,8 +2,7 @@ require 'rails_helper'
RSpec.describe Admin::AdminController do
it "should return the right response if user isn't a staff" do
expect do
get "/admin", params: { api_key: 'asdiasiduga' }
end.to raise_error(ActionController::RoutingError)
get "/admin", params: { api_key: 'asdiasiduga' }
expect(response.status).to eq(404)
end
end
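Review bot: The example named `"should return the right response if user isn't a staff"` sends an unknown `api_key` with no signed-in user, so its name describes a different case from the one it exercises; `it "returns 404 for an unrecognised api key"` would match the request. The commit title is about a 429 for a rate-limited admin key, and this section has no example for that path; if it is not covered in a file outside this view, it belongs next to this one. The 404 (rather than 403) presumably keeps the admin route from confirming its existence to a caller without staff rights, which deserves a one-line comment above the assertion, e.g. `# 404, not 403: do not confirm the admin route exists to non-staff callers`.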


@@ -25,8 +25,8 @@ RSpec.describe Admin::BackupsController do
end
it 'should not allow rollback via a GET request' do
expect { get "/admin/backups/rollback.json" }
.to raise_error(ActionController::RoutingError)
get "/admin/backups/rollback.json"
expect(response.status).to eq(404)
end
end
@@ -40,8 +40,8 @@ RSpec.describe Admin::BackupsController do
end
it 'should not allow cancel via a GET request' do
expect { get "/admin/backups/cancel.json" }
.to raise_error(ActionController::RoutingError)
get "/admin/backups/cancel.json"
expect(response.status).to eq(404)
end
end
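Review bot: The GET examples for `/admin/backups/rollback.json` and `/admin/backups/cancel.json` now assert only `expect(response.status).to eq(404)`, which is a weaker check than the old RoutingError expectation. Now that leaked exceptions are turned into responses, a 404 can presumably come from more than one path. Both routes name state-changing operations, so each example should also assert that the operation was not started; otherwise a regression that performs the action and still answers 404 would pass. The same applies to the unauthenticated and non-admin `put` and `delete` examples in the email templates spec. The enclosing `describe` block starts and ends outside these hunks, so whether these examples run as a signed-in admin is not visible here.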


@@ -19,16 +19,14 @@ RSpec.describe Admin::EmailTemplatesController do
context "#index" do
it "raises an error if you aren't logged in" do
expect do
get '/admin/customize/email_templates.json'
end.to raise_error(ActionController::RoutingError)
get '/admin/customize/email_templates.json'
expect(response.status).to eq(404)
end
it "raises an error if you aren't an admin" do
sign_in(user)
expect do
get '/admin/customize/email_templates.json'
end.to raise_error(ActionController::RoutingError)
get '/admin/customize/email_templates.json'
expect(response.status).to eq(404)
end
it "should work if you are an admin" do
@@ -44,20 +42,18 @@ RSpec.describe Admin::EmailTemplatesController do
context "#update" do
it "raises an error if you aren't logged in" do
expect do
put '/admin/customize/email_templates/some_id', params: {
email_template: { subject: 'Subject', body: 'Body' }
}, headers: headers
end.to raise_error(ActionController::RoutingError)
put '/admin/customize/email_templates/some_id', params: {
email_template: { subject: 'Subject', body: 'Body' }
}, headers: headers
expect(response.status).to eq(404)
end
it "raises an error if you aren't an admin" do
sign_in(user)
expect do
put '/admin/customize/email_templates/some_id', params: {
email_template: { subject: 'Subject', body: 'Body' }
}, headers: headers
end.to raise_error(ActionController::RoutingError)
put '/admin/customize/email_templates/some_id', params: {
email_template: { subject: 'Subject', body: 'Body' }
}, headers: headers
expect(response.status).to eq(404)
end
context "when logged in as admin" do
@@ -224,16 +220,14 @@ RSpec.describe Admin::EmailTemplatesController do
context "#revert" do
it "raises an error if you aren't logged in" do
expect do
delete '/admin/customize/email_templates/some_id', headers: headers
end.to raise_error(ActionController::RoutingError)
delete '/admin/customize/email_templates/some_id', headers: headers
expect(response.status).to eq(404)
end
it "raises an error if you aren't an admin" do
sign_in(user)
expect do
delete '/admin/customize/email_templates/some_id', headers: headers
end.to raise_error(ActionController::RoutingError)
delete '/admin/customize/email_templates/some_id', headers: headers
expect(response.status).to eq(404)
end
context "when logged in as admin" do
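Review bot: The example names still read `"raises an error if you aren't logged in"` and `"raises an error if you aren't an admin"` although the bodies now assert `expect(response.status).to eq(404)`, so the descriptions no longer say what is checked. Rename them, e.g. `it "returns 404 if you aren't logged in"` and `it "returns 404 if you aren't an admin"`, in the `#index`, `#update` and `#revert` contexts here and in the `#index` and `#term` contexts of the search logs spec. The contexts continue outside the hunks.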


@@ -10,16 +10,14 @@ RSpec.describe Admin::SearchLogsController do
context "#index" do
it "raises an error if you aren't logged in" do
expect do
get '/admin/logs/search_logs.json'
end.to raise_error(ActionController::RoutingError)
get '/admin/logs/search_logs.json'
expect(response.status).to eq(404)
end
it "raises an error if you aren't an admin" do
sign_in(user)
expect do
get '/admin/logs/search_logs.json'
end.to raise_error(ActionController::RoutingError)
get '/admin/logs/search_logs.json'
expect(response.status).to eq(404)
end
it "should work if you are an admin" do
@@ -35,16 +33,14 @@ RSpec.describe Admin::SearchLogsController do
context "#term" do
it "raises an error if you aren't logged in" do
expect do
get '/admin/logs/search_logs/term/ruby.json'
end.to raise_error(ActionController::RoutingError)
get '/admin/logs/search_logs/term/ruby.json'
expect(response.status).to eq(404)
end
it "raises an error if you aren't an admin" do
sign_in(user)
expect do
get '/admin/logs/search_logs/term/ruby.json'
end.to raise_error(ActionController::RoutingError)
get '/admin/logs/search_logs/term/ruby.json'
expect(response.status).to eq(404)
end
it "should work if you are an admin" do