diff options
| author | Jacob Vosmaer <jacob@gitlab.com> | 2016-06-06 18:40:30 +0300 |
|---|---|---|
| committer | Jacob Vosmaer <jacob@gitlab.com> | 2016-06-06 18:40:30 +0300 |
| commit | ff7c4e588ab4f7a397963d43becbe00d1bb584a1 (patch) | |
| tree | 342b6ff1b5b8942eed1a6a55aa08f6ed443dcc74 /app/controllers/jwt_controller.rb | |
| parent | 07f49626d01ddffcd127e937c528b74b8248043b (diff) | |
Remove code duplication in JwtController
Diffstat (limited to 'app/controllers/jwt_controller.rb')
| -rw-r--r-- | app/controllers/jwt_controller.rb | 40 |
1 files changed, 1 insertions, 39 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index c05a55633b5..131a16dad9b 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -42,46 +42,8 @@ class JwtController < ApplicationController end def authenticate_user(login, password) - # TODO: this is a copy and paste from grack_auth, - # it should be refactored in the future - user = Gitlab::Auth.find_in_gitlab_or_ldap(login, password) - - # If the user authenticated successfully, we reset the auth failure count - # from Rack::Attack for that IP. A client may attempt to authenticate - # with a username and blank password first, and only after it receives - # a 401 error does it present a password. Resetting the count prevents - # false positives from occurring. - # - # Otherwise, we let Rack::Attack know there was a failed authentication - # attempt from this IP. This information is stored in the Rails cache - # (Redis) and will be used by the Rack::Attack middleware to decide - # whether to block requests from this IP. - config = Gitlab.config.rack_attack.git_basic_auth - - if config.enabled - if user - # A successful login will reset the auth failure count from this IP - Rack::Attack::Allow2Ban.reset(request.ip, config) - else - banned = Rack::Attack::Allow2Ban.filter(request.ip, config) do - # Unless the IP is whitelisted, return true so that Allow2Ban - # increments the counter (stored in Rails.cache) for the IP - if config.ip_whitelist.include?(request.ip) - false - else - true - end - end - - if banned - Rails.logger.info "IP #{request.ip} failed to login " \ - "as #{login} but has been temporarily banned from Git auth" - return - end - end - end - + Gitlab::Auth.rate_limit!(request.ip, success: user.present?, login: login) user end end |