diff options
| author | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-02-06 15:48:46 +0300 |
|---|---|---|
| committer | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-03-06 17:41:24 +0300 |
| commit | e5cf3f51fb568361a247d715facb6cd9bb15bb16 (patch) | |
| tree | d12f9644c8b0dd0765fd0de90d69027848341083 /config | |
| parent | 27729aa3a4666c6b06006c76023f4bff60f8ba25 (diff) | |
Allow limiting logging in users from too many different IPs.
Diffstat (limited to 'config')
| -rw-r--r-- | config/application.rb | 5 | ||||
| -rw-r--r-- | config/initializers/doorkeeper.rb | 6 | ||||
| -rw-r--r-- | config/initializers/request_context.rb | 3 |
3 files changed, 12 insertions, 2 deletions
diff --git a/config/application.rb b/config/application.rb index f1a986d1731..c4dea9e92b0 100644 --- a/config/application.rb +++ b/config/application.rb @@ -7,6 +7,9 @@ Bundler.require(:default, Rails.env) module Gitlab class Application < Rails::Application require_dependency Rails.root.join('lib/gitlab/redis') + require_dependency Rails.root.join('lib/gitlab/request_context') + require_dependency Rails.root.join('lib/gitlab/auth') + require_dependency Rails.root.join('lib/gitlab/auth/unique_ips_limiter') # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers @@ -111,6 +114,8 @@ module Gitlab config.middleware.insert_before Warden::Manager, Rack::Attack + config.middleware.insert_before Warden::Manager, Gitlab::Auth::UniqueIpsLimiter + # Allow access to GitLab API from other domains config.middleware.insert_before Warden::Manager, Rack::Cors do allow do diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 88cd0f5f652..44b658e5872 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -12,8 +12,10 @@ Doorkeeper.configure do end resource_owner_from_credentials do |routes| - user = Gitlab::Auth.find_with_user_password(params[:username], params[:password]) - user unless user.try(:two_factor_enabled?) + Gitlab::Auth::UniqueIpsLimiter.limit_user! do + user = Gitlab::Auth.find_with_user_password(params[:username], params[:password]) + user unless user.try(:two_factor_enabled?) + end end # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below. diff --git a/config/initializers/request_context.rb b/config/initializers/request_context.rb new file mode 100644 index 00000000000..0b485fc1adc --- /dev/null +++ b/config/initializers/request_context.rb @@ -0,0 +1,3 @@ +Rails.application.configure do |config| + config.middleware.insert_after RequestStore::Middleware, Gitlab::RequestContext +end |