Cleanup RSpec tests

spec/controllers/sessions_controller_spec.rb

@@ -30,30 +30,11 @@ describe SessionsController do
           expect(SecurityEvent.last.details[:with]).to eq('standard')
         end
 
-        context 'unique ip limit is enabled and set to 1', :redis do
-          before do
-            allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
-            allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10)
-            allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
-          end
-
-          it 'allows user authenticating from the same ip' do
-            allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
-            post(:create, user: { login: user.username, password: user.password })
-            expect(subject.current_user).to eq user
-
+        include_examples 'user login operation with unique ip limit' do
+          def operation
             post(:create, user: { login: user.username, password: user.password })
             expect(subject.current_user).to eq user
           end
-
-          it 'blocks user authenticating from two distinct ips' do
-            allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
-            post(:create, user: { login: user.username, password: user.password })
-            expect(subject.current_user).to eq user
-
-            allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip2')
-            expect { post(:create, user: { login: user.username, password: user.password }) }.to raise_error(Gitlab::Auth::TooManyIps)
-          end
         end
       end
     end

spec/lib/gitlab/auth_spec.rb

@@ -58,27 +58,11 @@ describe Gitlab::Auth, lib: true do
       expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
     end
 
+    include_examples 'user login operation with unique ip limit' do
+      let(:user) { create(:user, password: 'password') }
 
-    context 'unique ip limit is enabled and set to 1', :redis do
-      before do
-        allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
-        allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10)
-        allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
-      end
-
-      it 'allows user authenticating from the same ip' do
-        user = create(:user, password: 'password')
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
-        expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
-        expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
-      end
-
-      it 'blocks user authenticating from two distinct ips' do
-        user = create(:user, password: 'password')
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip')
+      def operation
         expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return('ip2')
-        expect { gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip2') }.to raise_error(Gitlab::Auth::TooManyIps)
       end
     end
 
@@ -220,6 +204,12 @@ describe Gitlab::Auth, lib: true do
       expect( gl_auth.find_with_user_password(username, password) ).not_to eql user
     end
 
+    include_examples 'user login operation with unique ip limit' do
+      def operation
+        expect(gl_auth.find_with_user_password(username, password)).to eql user
+      end
+    end
+
     context "with ldap enabled" do
       before do
         allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)

spec/requests/api/doorkeeper_access_spec.rb

 require 'spec_helper'
 
-describe API::API, api: true  do
+shared_examples 'user login request with unique ip limit' do
+  include_context 'limit login to only one ip' do
+    it 'allows user authenticating from the same ip' do
+      change_ip('ip')
+      request
+      expect(response).to have_http_status(200)
+
+      request
+      expect(response).to have_http_status(200)
+    end
+
+    it 'blocks user authenticating from two distinct ips' do
+      change_ip('ip')
+      request
+      expect(response).to have_http_status(200)
+
+      change_ip('ip2')
+      request
+      expect(response).to have_http_status(403)
+    end
+  end
+end
+
+describe API::API, api: true do
   include ApiHelpers
 
   let!(:user) { create(:user) }
@@ -13,22 +36,9 @@ describe API::API, api: true  do
       expect(response).to have_http_status(200)
     end
 
-    include_context 'limit login to only one ip' do
-      it 'allows login twice from the same ip' do
-        get api('/user'), access_token: token.token
-        expect(response).to have_http_status(200)
-
+    include_examples 'user login request with unique ip limit' do
+      def request
         get api('/user'), access_token: token.token
-        expect(response).to have_http_status(200)
-      end
-
-      it 'blocks login from two different ips' do
-        get api('/user'), access_token: token.token
-        expect(response).to have_http_status(200)
-
-        change_ip('ip2')
-        get api('/user'), access_token: token.token
-        expect(response).to have_http_status(403)
       end
     end
   end
@@ -46,22 +56,9 @@ describe API::API, api: true  do
       expect(response).to have_http_status(200)
     end
 
-    include_context 'limit login to only one ip' do
-      it 'allows login twice from the same ip' do
-        get api('/user', user)
-        expect(response).to have_http_status(200)
-
-        get api('/user', user)
-        expect(response).to have_http_status(200)
-      end
-
-      it 'blocks login from two different ips' do
-        get api('/user', user)
-        expect(response).to have_http_status(200)
-
-        change_ip('ip2')
+    include_examples 'user login request with unique ip limit' do
+      def request
         get api('/user', user)
-        expect(response).to have_http_status(403)
       end
     end
   end

spec/support/unique_ip_check_shared_examples.rb

-shared_context 'limit login to only one ip', :redis do
+shared_context 'limit login to only one ip' do
+  before(:each) do
+    Gitlab::Redis.with(&:flushall)
+  end
+
   before do
     allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_enabled).and_return(true)
-    allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(1000)
+    allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_time_window).and_return(10000)
     allow(Gitlab::Auth::UniqueIpsLimiter).to receive_message_chain(:config, :unique_ips_limit_per_user).and_return(1)
   end
 
@@ -13,11 +17,13 @@ end
 shared_examples 'user login operation with unique ip limit' do
   include_context 'limit login to only one ip' do
     it 'allows user authenticating from the same ip' do
+      change_ip('ip')
       expect { operation }.not_to raise_error
       expect { operation }.not_to raise_error
     end
 
     it 'blocks user authenticating from two distinct ips' do
+      change_ip('ip')
       expect { operation }.not_to raise_error
 
       change_ip('ip2')