Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
4bcf72e7
Commit
4bcf72e7
authored
Aug 01, 2018
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve blocked user tracking and fire some events only once
parent
e9d04585
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
23 additions
and
9 deletions
+23
-9
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+12
-4
config/initializers/warden.rb
config/initializers/warden.rb
+5
-1
lib/gitlab/auth/activity.rb
lib/gitlab/auth/activity.rb
+4
-2
spec/features/users/login_spec.rb
spec/features/users/login_spec.rb
+2
-2
No files found.
app/controllers/application_controller.rb
View file @
4bcf72e7
...
...
@@ -108,6 +108,7 @@ class ApplicationController < ActionController::Base
def
append_info_to_payload
(
payload
)
super
payload
[
:remote_ip
]
=
request
.
remote_ip
logged_user
=
auth_user
...
...
@@ -122,12 +123,19 @@ class ApplicationController < ActionController::Base
end
end
##
# Controllers such as GitHttpController may use alternative methods
# (e.g. tokens) to authenticate the user, whereas Devise sets current_user
# (e.g. tokens) to authenticate the user, whereas Devise sets current_user.
#
# `current_user` call is going to trigger Warden::Proxy authentication
# that is going to invoke warden callbacks, so we use Warden directly here.
#
def
auth_user
return
current_user
if
current_user
.
present?
return
try
(
:authenticated_user
)
if
warden
.
authenticated?
(
:user
)
current_user
else
try
(
:authenticated_user
)
end
end
# This filter handles personal access tokens, and atom requests with rss tokens
...
...
config/initializers/warden.rb
View file @
4bcf72e7
...
...
@@ -35,7 +35,11 @@ Rails.application.configure do |config|
Warden
::
Manager
.
before_logout
(
scope: :user
)
do
|
user_warden
,
auth
,
opts
|
user
=
user_warden
||
auth
.
user
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
).
tap
do
|
activity
|
activity
.
user_blocked!
if
user
.
blocked?
activity
.
user_session_destroyed!
end
ActiveSession
.
destroy
(
user
,
auth
.
request
.
session
.
id
)
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
).
user_session_destroyed!
end
end
lib/gitlab/auth/activity.rb
View file @
4bcf72e7
...
...
@@ -32,8 +32,6 @@ module Gitlab
when
:invalid
self
.
class
.
user_password_invalid_counter_increment!
end
self
.
class
.
user_blocked_counter_increment!
if
@user
&
.
blocked?
end
def
user_authenticated!
...
...
@@ -51,6 +49,10 @@ module Gitlab
end
end
def
user_blocked!
self
.
class
.
user_blocked_counter_increment!
end
def
user_session_destroyed!
self
.
class
.
user_session_destroyed_counter_increment!
end
...
...
spec/features/users/login_spec.rb
View file @
4bcf72e7
...
...
@@ -71,7 +71,7 @@ describe 'Login' do
expect
(
authentication_metrics
)
.
to
increment
(
:user_blocked_counter
)
.
and
increment
(
:user_unauthenticated_counter
)
.
and
increment
(
:user_session_destroyed_counter
)
.
twice
.
and
increment
(
:user_session_destroyed_counter
)
user
=
create
(
:user
,
:blocked
)
...
...
@@ -84,7 +84,7 @@ describe 'Login' do
expect
(
authentication_metrics
)
.
to
increment
(
:user_blocked_counter
)
.
and
increment
(
:user_unauthenticated_counter
)
.
and
increment
(
:user_session_destroyed_counter
)
.
twice
.
and
increment
(
:user_session_destroyed_counter
)
user
=
create
(
:user
,
:blocked
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment