Add test to prevent regressions (#656)

santib · web-flow · commit b6ce502b1491 · 2024-05-03T20:49:45.000-03:00
diff --git a/spec/acceptance/fail2ban_spec.rb b/spec/acceptance/fail2ban_spec.rb
@@ -4,6 +4,8 @@
 require "timecop"
 
 describe "fail2ban" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
 
@@ -75,4 +77,44 @@
       assert_equal 200, last_response.status
     end
   end
+
+  it "notifies when the request is blocked" do
+    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
+      notifications.push(payload)
+    end
+
+    get "/"
+
+    assert_equal 200, last_response.status
+    assert notifications.empty?
+
+    get "/private-place"
+
+    assert_equal 403, last_response.status
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+
+    get "/"
+
+    assert_equal 200, last_response.status
+    assert notifications.empty?
+
+    get "/private-place"
+
+    assert_equal 403, last_response.status
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+
+    get "/"
+
+    assert_equal 403, last_response.status
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+  end
 end
