Merge branch 'security-59549-add-capcha-for-failed-logins' into 'master'

Require a captcha after unique failed logins from the same IP

See merge request gitlab/gitlabhq!3270

2 files changed, 7 insertions, 2 deletions

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 2a99c6e5c59..855b371368d 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -75,11 +75,11 @@ class ApplicationSetting < ApplicationRecord
 
   validates :recaptcha_site_key,
             presence: true,
-            if: :recaptcha_enabled
+            if: :recaptcha_or_login_protection_enabled
 
   validates :recaptcha_private_key,
             presence: true,
-            if: :recaptcha_enabled
+            if: :recaptcha_or_login_protection_enabled
 
   validates :akismet_api_key,
             presence: true,
@@ -292,4 +292,8 @@ class ApplicationSetting < ApplicationRecord
   def self.cache_backend
     Gitlab::ThreadMemoryCache.cache_backend
   end
+
+  def recaptcha_or_login_protection_enabled
+    recaptcha_enabled || login_recaptcha_protection_enabled
+  end
 end
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 55ac1e129cf..9b7e4c0fbbe 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -64,6 +64,7 @@ module ApplicationSettingImplementation
         polling_interval_multiplier: 1,
         project_export_enabled: true,
         recaptcha_enabled: false,
+        login_recaptcha_protection_enabled: false,
         repository_checks_enabled: true,
         repository_storages: ['default'],
         require_two_factor_authentication: false,