4.3.0 fails to load config that works in 4.2.0 #136

Closed
trinode opened this issue Jul 12, 2015 · 5 comments

trinode commented Jul 12, 2015

Update: forcing a downgrade to 4.2.0 from 4.3.0 solved the issue, no other changes. So this appears to be the latest version that doesn't work.

The file below is no longer working, I'm getting the error

```
ArgumentError (wrong number of arguments (2 for 1)):
config/initializers/rack_attack.rb:22:in `block in class:Attack'
```

(The line is the first Rack::Attack::Allow2Ban call)

```ruby
class Rack::Attack
  Rack::Attack.cache.store = Rack::Attack::StoreProxy::RedisStoreProxy.new(Redis.current)

  Rack::Attack.whitelist('allow from localhost') do |req|
    # Requests are allowed if the return value is truthy
    '127.0.0.1' == req.ip
  end

  Rack::Attack.throttle('req/ip', :limit => 75, :period => 15.seconds) do |req|
    # If the return value is truthy, the cache key for the return value
    # is incremented and compared with the limit. In this case:
    #   "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
    #
    # If falsy, the cache key is neither incremented nor checked.
    req.ip
  end

  Rack::Attack.blacklist('user register flood') do |req|
    # `filter` returns false value if request is to your login page (but still
    # increments the count) so request below the limit are not blocked until
    # they hit the limit.  At that point, filter will return true and block.
    Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 20, :findtime => 1.minute, :bantime => 1.hour) do
      # The count for the IP is incremented if the return value is truthy.
      req.path == '/users' and req.post?
    end
  end

  Rack::Attack.blacklist('user login flood') do |req|
    # `filter` returns false value if request is to your login page (but still
    # increments the count) so request below the limit are not blocked until
    # they hit the limit.  At that point, filter will return true and block.
    Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 20, :findtime => 1.minute, :bantime => 1.hour) do
      # The count for the IP is incremented if the return value is truthy.
      req.path == '/users/sign_in' and req.post?
    end
  end

  Rack::Attack.blacklist('admin login flood') do |req|
    # `filter` returns false value if request is to your login page (but still
    # increments the count) so request below the limit are not blocked until
    # they hit the limit.  At that point, filter will return true and block.
    Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 20, :findtime => 5.minute, :bantime => 1.hour) do
      # The count for the IP is incremented if the return value is truthy.
      req.path == '/admins/sign_in' and req.post?
    end
  end
end
```

I think it's a new version of rack that's the issue, but I could be wrong so:-
Here's my gemfile.lock if it helps:-


trinode changed the title from "Updated a lot of packages and something new is not working with RA" to "4.3.0 fails to load config that works in 4.2.0" on Jul 18, 2015

rovr commented Aug 13, 2015

This seems to be a redis_store_proxy issue.

This line passes 'raw: true' param to redis get method, but redis get method only accepts one argument: 'key'.

Hence the (wrong number of arguments (2 for 1)) error.


trinode commented Aug 13, 2015

Seems reasonable, but any idea why it works in Rack Attack 4.2? (the only change required to my gemfile was specifying rack-attack 4.2.0 in my Gemfile for it to work again).


trinode commented Aug 13, 2015

Erm, I responded with the misunderstanding redis_store_proxy was an external thing which had not changed. (I was confusing it with redis-namespace). I would delete the previous comment but you probably already got notifications.

Anyway thanks for finding the issue, I'll watch this thread to see what happens next :)

trinode referenced this issue Aug 31, 2015
… possible

to implement something like:

```store.write(key, 0, :expires_in => expires_in)```

See #113

rovr commented Sep 2, 2015

@trinode, on second thought, you might be passing the wrong object to the Rack::Attack.cache.store.

It should probably be one of the following:
https://github.com/kickstarter/rack-attack/blob/master/spec/integration/rack_attack_cache_spec.rb#L22-L29

I.e. Redis::Store.new instead of the Redis.current
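
The argument-count mismatch discussed in this thread, as an added example that is not part of the original comments and is not rack-attack's own code. `PlainClient`, `StoreClient`, `RawReadProxy` and `check_cache_store` are hypothetical stand-ins; the sketch shows a startup probe that rejects a cache client whose `get` cannot take the extra `raw: true` argument, so the failure appears at boot rather than inside a blacklist or throttle block on a live request.

```ruby
require 'delegate'

# Constructed stand-in for a client whose `get` takes only a key,
# as described in the thread for the plain Redis client.
class PlainClient
  def initialize
    @data = {}
  end

  def get(key)
    @data[key]
  end
end

# Constructed stand-in for a store-style client whose `get` also accepts an
# options hash (an assumption standing in for what Redis::Store provides).
class StoreClient < PlainClient
  def get(key, _options = nil)
    super(key)
  end
end

# Hypothetical proxy, not the gem's source: `read` forwards to `get` with an
# extra `raw: true` argument, the call shape described in the thread.
class RawReadProxy < SimpleDelegator
  def read(key)
    get(key, raw: true)
  end
end

# Boot-time probe: exercise the read path once. Returns :ok, or a message
# naming the incompatible client class and the underlying ArgumentError.
def check_cache_store(client)
  RawReadProxy.new(client).read('rack-attack-boot-probe')
  :ok
rescue ArgumentError => e
  "incompatible cache store #{client.class}: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts check_cache_store(StoreClient.new)
  puts check_cache_store(PlainClient.new)
end
```

In an initializer, the same probe can raise instead of returning a message, so a deploy with a mismatched client stops before it serves traffic.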

ktheory (Collaborator) commented Feb 17, 2016

I recently cleaned up some of the cache store code in v4.4.1 (see #165). I think it'll fix this case too (though I haven't been able to recreate).

Please try upgrading again, and re-open this if the problem persists.
