author | Stan Hu <stanhu@gmail.com> | 2019-07-02 22:48:07 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-07-02 22:48:07 +0300 |
commit | f6ea17ed6d412ab2117e7d71aa0d10f3af7876ad (patch) | |
tree | 02ba2b2a4934c5f71baa8fa3e902f991c1413483 | |
parent | 851d19c26023cb977eb29157bc833daab985ba77 (diff) | |
parent | fc85b07a27a5e1cc77105235562e7be151a266a8 (diff) |
Merge branch '62756-include-user-info-in-access-logs' into 'master'
Include username in auth log
Closes #62756
See merge request gitlab-org/gitlab-ce!29821
-rw-r--r-- | config/initializers/rack_attack_logging.rb | 14 | ||||
-rw-r--r-- | spec/requests/rack_attack_global_spec.rb | 43 |
2 files changed, 53 insertions, 4 deletions
diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb
index 2a3fdc8de5f..338e968cc6c 100644
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
@@ -4,12 +4,22 @@ ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
 if [:throttle, :blacklist].include? req.env['rack.attack.match_type']
- Gitlab::AuthLogger.error(
+ rack_attack_info = {
 message: 'Rack_Attack',
 env: req.env['rack.attack.match_type'],
 ip: req.ip,
 request_method: req.request_method,
 fullpath: req.fullpath
- )
+ }
+
+ if req.env['rack.attack.matched'] != 'throttle_unauthenticated'
+ user_id = req.env['rack.attack.match_discriminator']
+ user = User.find_by(id: user_id)
+
+ rack_attack_info[:user_id] = user_id
+ rack_attack_info[:username] = user.username unless user.nil?
+ end
+
+ Gitlab::AuthLogger.error(rack_attack_info)
 end
 end
diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb
index 89adbc77a7f..d832963292c 100644
--- a/spec/requests/rack_attack_global_spec.rb
+++ b/spec/requests/rack_attack_global_spec.rb
@@ -102,6 +102,27 @@ describe 'Rack Attack global throttles' do
 expect_rejection { get(*get_args) }
 end
+
+ it 'logs RackAttack info into structured logs' do
+ requests_per_period.times do
+ get(*get_args)
+ expect(response).to have_http_status 200
+ end
+
+ arguments = {
+ message: 'Rack_Attack',
+ env: :throttle,
+ ip: '127.0.0.1',
+ request_method: 'GET',
+ fullpath: get_args.first,
+ user_id: user.id,
+ username: user.username
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
+
+ expect_rejection { get(*get_args) }
+ end
 end
 context 'when the throttle is disabled' do
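Review bot: The guard `if req.env['rack.attack.matched'] != 'throttle_unauthenticated'` excludes a single rule name, so a `:blacklist` match (admitted by the outer `include?` check) or any future throttle keyed on something other than a user id still reaches `User.find_by(id: user_id)` with a discriminator that is not a user id. The auth log entry can then carry an IP string as `user_id`, or, if ActiveRecord's integer cast turns such a string into a number, the username of an unrelated account, which is a misattribution an audit trail must not contain. Key the enrichment on what is known to be user-keyed instead, e.g. `if req.env['rack.attack.match_type'] == :throttle && req.env['rack.attack.matched'] != 'throttle_unauthenticated'`, and skip the lookup unless `user_id` is an integer or a string of digits. The lookup also puts a database read on the rejection path of every throttled request, so a burst that trips the throttle now costs one query per rejected request; if that is a concern, log `user_id` only and resolve the username when the log is read. `user.username unless user.nil?` reads better as `user&.username`.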
@@ -189,7 +210,15 @@ describe 'Rack Attack global throttles' do
 expect(response).to have_http_status 200
 end
- expect(Gitlab::AuthLogger).to receive(:error).once
+ arguments = {
+ message: 'Rack_Attack',
+ env: :throttle,
+ ip: '127.0.0.1',
+ request_method: 'GET',
+ fullpath: '/users/sign_in'
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(arguments)
 get url_that_does_not_require_authentication
 end
@@ -345,7 +374,17 @@ describe 'Rack Attack global throttles' do
 expect(response).to have_http_status 200
 end
- expect(Gitlab::AuthLogger).to receive(:error).once
+ arguments = {
+ message: 'Rack_Attack',
+ env: :throttle,
+ ip: '127.0.0.1',
+ request_method: 'GET',
+ fullpath: '/dashboard/snippets',
+ user_id: user.id,
+ username: user.username
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
 get url_that_requires_authentication
 end
|
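Review bot: In the `/users/sign_in` hunk the rewritten expectation is `expect(Gitlab::AuthLogger).to receive(:error).with(arguments)` with the `.once` from the removed line dropped, while the two sibling hunks keep `.with(arguments).once`; without a count the expectation is satisfied by any number of calls, so a duplicated log entry for the unauthenticated throttle would no longer fail this spec. Restore it as `expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once`. The new examples here cover only the unauthenticated throttle and a user-keyed throttle, yet the initializer's `User.find_by` enrichment runs for every other match as well, including `:blacklist`, and no example pins what gets logged when `rack.attack.match_discriminator` is not a user id. The enclosing `it` blocks of all three hunks start outside the hunks.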