Add latest changes from gitlab-org/gitlab@14-7-stable-eev14.7.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-20 12:16:11 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-20 12:16:11 +0300
commit: edaa33dee2ff2f7ea3fac488d41558eb5f86d68c (patch)
tree: 11f143effbfeba52329fb7afbd05e6e2a3790241 /app/controllers/autocomplete_controller.rb
parent: d8a5691316400a0f7ec4f83832698f1988eb27c1 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index c32a7f10aa4..ee5caf63703 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -2,6 +2,7 @@
 
 class AutocompleteController < ApplicationController
   skip_before_action :authenticate_user!, only: [:users, :award_emojis, :merge_request_target_branches]
+  before_action :check_email_search_rate_limit!, only: [:users]
 
   feature_category :users, [:users, :user]
   feature_category :projects, [:projects]
@@ -71,6 +72,12 @@ class AutocompleteController < ApplicationController
   def target_branch_params
     params.permit(:group_id, :project_id).select { |_, v| v.present? }
   end
+
+  def check_email_search_rate_limit!
+    search_params = Gitlab::Search::Params.new(params)
+
+    check_rate_limit!(:user_email_lookup, scope: [current_user]) if search_params.email_lookup?
+  end
 end
 
 AutocompleteController.prepend_mod_with('AutocompleteController')
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-01-20 12:16:11 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-01-20 12:16:11 +0300
commit	edaa33dee2ff2f7ea3fac488d41558eb5f86d68c (patch)
tree	11f143effbfeba52329fb7afbd05e6e2a3790241 /app/controllers/autocomplete_controller.rb
parent	d8a5691316400a0f7ec4f83832698f1988eb27c1 (diff)