Avoid resource intensive login checks if password is not provided

Fixes #32598
author: Horatiu Eugen Vlad <horatiu@vlad.eu> 2017-05-19 11:38:31 +0300
committer: Horatiu Eugen Vlad <horatiu@vlad.eu> 2017-05-21 18:58:32 +0300
commit: 9735ce15de5255365e302d1f50b301039512f50d (patch)
tree: 2df5462f48972bda7d49718fde7b1c5b2fa98938 /lib/gitlab/auth.rb
parent: b0642299943bbb0485b0577e99fb1d2c6072b845 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index ea918b23a63..099c45dcfb7 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -37,6 +37,9 @@ module Gitlab
       end
 
       def find_with_user_password(login, password)
+        # Avoid resource intensive login checks if password is not provided
+        return unless password.present?
+
         Gitlab::Auth::UniqueIpsLimiter.limit_user! do
           user = User.by_login(login)
 
@@ -44,7 +47,7 @@ module Gitlab
           #   LDAP users are only authenticated via LDAP
           if user.nil? || user.ldap_user?
             # Second chance - try LDAP authentication
-            return nil unless Gitlab::LDAP::Config.enabled?
+            return unless Gitlab::LDAP::Config.enabled?
 
             Gitlab::LDAP::Authentication.login(login, password)
           else
author	Horatiu Eugen Vlad <horatiu@vlad.eu>	2017-05-19 11:38:31 +0300
committer	Horatiu Eugen Vlad <horatiu@vlad.eu>	2017-05-21 18:58:32 +0300
commit	9735ce15de5255365e302d1f50b301039512f50d (patch)
tree	2df5462f48972bda7d49718fde7b1c5b2fa98938 /lib/gitlab/auth.rb
parent	b0642299943bbb0485b0577e99fb1d2c6072b845 (diff)