From 1b195ce115bd1572eb883722c55c1db90eb3182b Mon Sep 17 00:00:00 2001
From: Matt Jankowski <matt@jankowski.online>
Date: Fri, 13 Oct 2023 10:14:23 -0400
Subject: [PATCH] Speed-up on `Rack::Attack` spec (#25542)

---
 spec/config/initializers/rack_attack_spec.rb | 48 ++++++++++++++++----
 1 file changed, 38 insertions(+), 10 deletions(-)

diff --git a/spec/config/initializers/rack_attack_spec.rb b/spec/config/initializers/rack_attack_spec.rb
index 7cd4ac76b..c9ce9e27d 100644
--- a/spec/config/initializers/rack_attack_spec.rb
+++ b/spec/config/initializers/rack_attack_spec.rb
@@ -16,37 +16,63 @@ describe Rack::Attack, type: :request do
       # https://github.com/rack/rack-attack/blob/v6.6.1/lib/rack/attack/cache.rb#L64-L66
       # So we want to minimize `Time.now.to_i % period`
 
-      travel_to Time.zone.at((Time.now.to_i / period.seconds).to_i * period.seconds)
+      travel_to Time.zone.at(counter_prefix * period.seconds)
     end
 
     context 'when the number of requests is lower than the limit' do
+      before do
+        below_limit.times { increment_counter }
+      end
+
       it 'does not change the request status' do
-        limit.times do
-          request.call
-          expect(response).to_not have_http_status(429)
-        end
+        expect { request.call }.to change { throttle_count }.by(1)
+
+        expect(response).to_not have_http_status(429)
       end
     end
 
     context 'when the number of requests is higher than the limit' do
+      before do
+        above_limit.times { increment_counter }
+      end
+
       it 'returns http too many requests after limit and returns to normal status after period' do
-        (limit * 2).times do |i|
-          request.call
-          expect(response).to have_http_status(429) if i > limit
-        end
+        expect { request.call }.to change { throttle_count }.by(1)
+        expect(response).to have_http_status(429)
 
         travel period
 
-        request.call
+        expect { request.call }.to change { throttle_count }.by(1)
         expect(response).to_not have_http_status(429)
       end
     end
+
+    def below_limit
+      limit - 1
+    end
+
+    def above_limit
+      limit * 2
+    end
+
+    def throttle_count
+      described_class.cache.read("#{counter_prefix}:#{throttle}:#{remote_ip}") || 0
+    end
+
+    def counter_prefix
+      (Time.now.to_i / period.seconds).to_i
+    end
+
+    def increment_counter
+      described_class.cache.count("#{throttle}:#{remote_ip}", period)
+    end
   end
 
   let(:remote_ip) { '1.2.3.5' }
 
   describe 'throttle excessive sign-up requests by IP address' do
     context 'when accessed through the website' do
+      let(:throttle) { 'throttle_sign_up_attempts/ip' }
       let(:limit)  { 25 }
       let(:period) { 5.minutes }
       let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
@@ -65,6 +91,7 @@ describe Rack::Attack, type: :request do
     end
 
     context 'when accessed through the API' do
+      let(:throttle) { 'throttle_api_sign_up' }
       let(:limit)  { 5 }
       let(:period) { 30.minutes }
       let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }
@@ -87,6 +114,7 @@ describe Rack::Attack, type: :request do
   end
 
   describe 'throttle excessive sign-in requests by IP address' do
+    let(:throttle) { 'throttle_login_attempts/ip' }
     let(:limit)  { 25 }
     let(:period) { 5.minutes }
     let(:request) { -> { post path, headers: { 'REMOTE_ADDR' => remote_ip } } }