Fix race condition in rack-attack OAuth token specs
What does this MR do and why?
Potentially fixes master broken incident 6315
Fix race condition in rack-attack OAuth token specs
When running the Rack::Attack request spec shared examples, it may be
possible for a race condition to occur. To check that Rack::Attack will
"unlock" a token after the specified throttling period, the specs use
`travel_to(period)` to change the Ruby time into the future. However,
one of the OAuth tokens generated for the spec is set to expire in
`period + 1`. If the clock ticks over to the next second while making
the unlocked-period checks, then we would get an expired token error
instead of the expected response.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
```shell
rspec spec/requests/rack_attack_global_spec.rb
```
- Should pass consistently, even in CI
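
The race described above, modelled on a simulated clock as an added example (not code from this merge request or from GitLab). Assumptions: timestamps have whole-second precision, a token counts as expired once now >= expires_at, the period is a constructed 60 seconds, and `Token`, `unlock_check` and `flake_rate` are hypothetical names.

```ruby
# Added illustration, not code from the merge request. Times are integer
# milliseconds on a simulated clock, so every run is deterministic.
PERIOD_S = 60 # constructed throttling period, in seconds

# Hypothetical token model. Assumption: timestamps are kept at whole-second
# precision and a token counts as expired once now >= expires_at.
Token = Struct.new(:issued_at_s, :expires_in_s) do
  def expires_at_s
    issued_at_s + expires_in_s
  end

  def expired?(now_s)
    now_s >= expires_at_s
  end
end

# Models one spec run: issue a token at issue_ms with lifetime period + 1,
# let elapsed_ms of clock time pass, jump ahead by the period, then make
# the "unlocked" request with that token.
def unlock_check(issue_ms, elapsed_ms, period_s = PERIOD_S)
  token = Token.new(issue_ms / 1000, period_s + 1)
  now_s = (issue_ms + elapsed_ms) / 1000 + period_s
  token.expired?(now_s) ? :expired_token : :ok
end

# Fraction of issue phases (0..999 ms into a second) at which a run that
# takes elapsed_ms between issuing the token and the check would fail.
def flake_rate(elapsed_ms)
  failures = (0...1000).count do |phase_ms|
    unlock_check(phase_ms, elapsed_ms) == :expired_token
  end
  failures / 1000.0
end

if __FILE__ == $PROGRAM_NAME
  # Same 200 ms of elapsed time, different outcome depending on where in
  # the second the token was issued.
  puts "issued at .100s: #{unlock_check(100, 200)}"
  puts "issued at .900s: #{unlock_check(900, 200)}"
  [50, 200, 500, 1000].each do |ms|
    puts "elapsed #{ms} ms -> flake rate #{flake_rate(ms)}"
  end
end
```

Under these assumptions the failure depends on whether a second boundary is crossed, not only on how long the checks take, which is why such a spec fails only intermittently and more often on slow CI runners.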