diff options
| author | Sean McGivern <sean@mcgivern.me.uk> | 2018-08-03 15:22:15 +0300 |
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2018-08-03 15:22:15 +0300 |
| commit | d3a6712e419bc6fc2c11a584d17ec83c2c2d3522 (patch) | |
| tree | b584406549fe84443a5913f0d756d7fc6d454078 /config | |
| parent | c3d02481519a29927e63d55b417b3e5ef71f1bd1 (diff) | |
| parent | 932e80ed0ec0002e76a1eca03ac7d5a642b8d580 (diff) | |
Merge branch 'fix/gb/improve-blocked-user-tracking' into 'master'
Improve blocked user tracking and fire some events only once
Closes #49784
See merge request gitlab-org/gitlab-ce!20959
Diffstat (limited to 'config')
| -rw-r--r-- | config/initializers/warden.rb | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index d64b659c6d7..33f55069c3e 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -2,7 +2,7 @@ Rails.application.configure do |config| Warden::Manager.after_set_user(scope: :user) do |user, auth, opts| Gitlab::Auth::UniqueIpsLimiter.limit_user!(user) - activity = Gitlab::Auth::Activity.new(user, opts) + activity = Gitlab::Auth::Activity.new(opts) case opts[:event] when :authentication @@ -26,16 +26,32 @@ Rails.application.configure do |config| end Warden::Manager.before_failure(scope: :user) do |env, opts| - tracker = Gitlab::Auth::BlockedUserTracker.new(env) - tracker.log_blocked_user_activity! if tracker.user_blocked? - - Gitlab::Auth::Activity.new(tracker.user, opts).user_authentication_failed! + Gitlab::Auth::Activity.new(opts).user_authentication_failed! end - Warden::Manager.before_logout(scope: :user) do |user_warden, auth, opts| - user = user_warden || auth.user + Warden::Manager.before_logout(scope: :user) do |user, auth, opts| + user ||= auth.user + activity = Gitlab::Auth::Activity.new(opts) + tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth) ActiveSession.destroy(user, auth.request.session.id) - Gitlab::Auth::Activity.new(user, opts).user_session_destroyed! + activity.user_session_destroyed! + + ## + # It is possible that `before_logout` event is going to be triggered + # multiple times during the request lifecycle. We want to increment + # metrics and write logs only once in that case. + # + # 'warden.auth.*' is our custom hash key that follows usual convention + # of naming keys in the Rack env hash. + # + next if auth.env['warden.auth.user.blocked'] + + if user.blocked? + activity.user_blocked! + tracker.log_activity! + end + + auth.env['warden.auth.user.blocked'] = true end end |