Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
e698a22e
Commit
e698a22e
authored
Aug 02, 2018
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Skip redunant before_logout warden events
parent
c2a5bbc2
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
15 deletions
+15
-15
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+1
-10
config/initializers/warden.rb
config/initializers/warden.rb
+14
-5
No files found.
app/controllers/application_controller.rb
View file @
e698a22e
...
...
@@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base
before_action
:configure_permitted_parameters
,
if: :devise_controller?
before_action
:require_email
,
unless: :devise_controller?
around_action
:set_locale
after_action
:set_page_title_header
,
if:
->
{
request
.
format
==
:json
}
...
...
@@ -127,13 +128,7 @@ class ApplicationController < ActionController::Base
# Controllers such as GitHttpController may use alternative methods
# (e.g. tokens) to authenticate the user, whereas Devise sets current_user.
#
# `current_user` call is going to trigger Warden::Proxy authentication
# that is going to invoke warden callbacks, and we don't want to do it
# twice in case of authentication request.
#
def
auth_user
return
if
authentication_request?
if
user_signed_in?
current_user
else
...
...
@@ -141,10 +136,6 @@ class ApplicationController < ActionController::Base
end
end
def
authentication_request?
controller_name
==
'sessions'
&&
action_name
==
'create'
end
# This filter handles personal access tokens, and atom requests with rss tokens
def
authenticate_sessionless_user!
user
=
Gitlab
::
Auth
::
RequestAuthenticator
.
new
(
request
).
find_sessionless_user
...
...
config/initializers/warden.rb
View file @
e698a22e
...
...
@@ -30,14 +30,23 @@ Rails.application.configure do |config|
end
Warden
::
Manager
.
before_logout
(
scope: :user
)
do
|
user
,
auth
,
opts
|
user
||=
auth
.
user
ActiveSession
.
destroy
(
user
||
auth
.
user
,
auth
.
request
.
session
.
id
)
activity
=
Gitlab
::
Auth
::
Activity
.
new
(
opts
)
tracker
=
Gitlab
::
Auth
::
BlockedUserTracker
.
new
(
user
,
auth
)
##
# It is possible that `before_logout` event is going to be triggered
# multiple times during the request lifecycle. We want to increment
# metrics and write logs only once in that case.
#
next
if
(
auth
.
env
[
'warden.auth.trackers'
]
||=
{}).
push
(
activity
).
many?
if
user
.
blocked?
Gitlab
::
Auth
::
Activity
.
new
(
opts
)
.
user_blocked!
Gitlab
::
Auth
::
BlockedUserTracker
.
new
(
user
,
auth
)
.
log_activity!
activity
.
user_blocked!
tracker
.
log_activity!
end
Gitlab
::
Auth
::
Activity
.
new
(
opts
).
user_session_destroyed!
ActiveSession
.
destroy
(
user
,
auth
.
request
.
session
.
id
)
activity
.
user_session_destroyed!
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment