author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-07-20 17:00:28 +0300 |
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-07-20 17:00:28 +0300 |
commit | 1a39d24d2034ce0d87cd5df630f1226d0beb7dd2 (patch) | |
tree | c8388da831f66373c3c9b1127c41bf906900f460 /lib/gitlab/auth | |
parent | 33e11345e086678fce7591bcd1d465f879d838e7 (diff) |
Refactor blocked user tracker class
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/activity.rb | 5 | ||||
-rw-r--r-- | lib/gitlab/auth/blocked_user_tracker.rb | 56 |
2 files changed, 41 insertions, 20 deletions
diff --git a/lib/gitlab/auth/activity.rb b/lib/gitlab/auth/activity.rb
index 375583c1aec..2ff5821ba07 100644
--- a/lib/gitlab/auth/activity.rb
+++ b/lib/gitlab/auth/activity.rb
@@ -16,7 +16,8 @@ module Gitlab
 user_signed_out: 'Counter of total user sign out events'
 }.freeze
- def initialize(opts)
+ def initialize(user, opts)
+ @user = user
 @opts = opts
 end
@@ -29,6 +30,8 @@ module Gitlab
 when :invalid
 self.class.user_password_invalid_counter.increment
 end
+
+ # case blocked user
 end
 def user_authenticated!
diff --git a/lib/gitlab/auth/blocked_user_tracker.rb b/lib/gitlab/auth/blocked_user_tracker.rb
index 7609a7b04f6..3d2011fb118 100644
--- a/lib/gitlab/auth/blocked_user_tracker.rb
+++ b/lib/gitlab/auth/blocked_user_tracker.rb
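Review bot: The added `# case blocked user` line after the `case` block's `end` reads as a leftover placeholder rather than documentation; either add the intended `when` branch or drop the comment before merging. The method that `case` belongs to starts outside the hunk, so I cannot see whether the branch is meant to land here. In the first hunk `initialize` now stores `@user`, but nothing in this diff reads it, so the new parameter is unused until that branch exists; if it is intentionally staged, a short `# TODO` naming the follow-up would make that explicit.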
@@ -2,34 +2,52 @@ module Gitlab
 module Auth
 class BlockedUserTracker
+ include Gitlab::Utils::StrongMemoize
+
 ACTIVE_RECORD_REQUEST_PARAMS = 'action_dispatch.request.request_parameters'
- def self.log_if_user_blocked(env)
- message = env.dig('warden.options', :message)
+ def initialize(env)
+ @env = env
+ end
- # Devise calls User#active_for_authentication? on the User model and then
- # throws an exception to Warden with User#inactive_message:
- # https://github.com/plataformatec/devise/blob/v4.2.1/lib/devise/hooks/activatable.rb#L8
- #
- # Since Warden doesn't pass the user record to the failure handler, we
- # need to do a database lookup with the username. We can limit the
- # lookups to happen when the user was blocked by checking the inactive
- # message passed along by Warden.
- return unless message == User::BLOCKED_MESSAGE
+ ##
+ # Devise calls User#active_for_authentication? on the User model and then
+ # throws an exception to Warden with User#inactive_message:
+ # https://github.com/plataformatec/devise/blob/v4.2.1/lib/devise/hooks/activatable.rb#L8
+ #
+ # Since Warden doesn't pass the user record to the failure handler, we
+ # need to do a database lookup with the username. We can limit the
+ # lookups to happen when the user was blocked by checking the inactive
+ # message passed along by Warden.
+ #
+ def has_user_blocked_message?
+ strong_memoize(:user_blocked_message) do
+ message = @env.dig('warden.options', :message)
+ message == User::BLOCKED_MESSAGE
+ end
+ end
- # Check for either LDAP or regular GitLab account logins
- login = env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'username') ||
- env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'user', 'login')
+ def user
+ return unless has_user_blocked_message?
- return unless login.present?
+ strong_memoize(:user) do
+ # Check for either LDAP or regular GitLab account logins
+ login = @env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'username') ||
+ @env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'user', 'login')
- user = User.by_login(login)
+ User.by_login(login) if login.present?
+ end
+ end
- return unless user&.blocked?
+ def user_blocked?
+ user&.blocked?
+ end
- Gitlab::AppLogger.info("Failed login for blocked user: user=#{user.username} ip=#{env['REMOTE_ADDR']}")
- SystemHooksService.new.execute_hooks_for(user, :failed_login)
+ def log_blocked_user_activity!
+ return unless user_blocked?
+ Gitlab::AppLogger.info("Failed login for blocked user: user=#{user.username} ip=#{@env['REMOTE_ADDR']}")
+ SystemHooksService.new.execute_hooks_for(user, :failed_login)
 true
 rescue TypeError
 end |
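Review bot: Splitting the old single entry point into public `has_user_blocked_message?`, `user` and `user_blocked?` drops the `rescue TypeError` guard for anyone calling them directly, because the rescue now wraps only `log_blocked_user_activity!`; if that TypeError comes from `dig` on a malformed `warden.options` or request-parameters entry (which is what the old code appears to have been guarding against), `user_blocked?` will now raise where `log_if_user_blocked` used to return nil. Consider moving the guard into `has_user_blocked_message?` and `user`, or documenting on the class that only `log_blocked_user_activity!` is safe to call on an arbitrary Rack `env`. The bodiless `rescue TypeError` also discards the failure entirely, so a blocked-user login that trips it leaves no audit trail; a `Gitlab::AppLogger.warn` in that branch would keep the failed-login record from going missing silently. Separately, Ruby predicates drop the `has_` prefix, so `user_blocked_message?` would match the style guide and the `:user_blocked_message` memoize key.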