Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-08 06:06:48 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-08 06:06:48 +0300
commit: 18a102a5b95198b6bc8db2589de6353997a33543 (patch)
tree: 93aac1bb58c3bfcd7421c279a6436fa50ea05537 /lib/gitlab/auth
parent: 1adb4373ba840a9bc771a8c9196f7183fd98b2b8 (diff)
1 files changed, 8 insertions, 11 deletions
diff --git a/lib/gitlab/auth/ip_rate_limiter.rb b/lib/gitlab/auth/ip_rate_limiter.rb
index 74d359bcd28..acb46abb6f3 100644
--- a/lib/gitlab/auth/ip_rate_limiter.rb
+++ b/lib/gitlab/auth/ip_rate_limiter.rb
@@ -21,11 +21,12 @@ module Gitlab
       end
 
       def register_fail!
+        return false if trusted_ip?
+
         # Allow2Ban.filter will return false if this IP has not failed too often yet
         @banned = Rack::Attack::Allow2Ban.filter(ip, config) do
-          # If we return false here, the failure for this IP is ignored by Allow2Ban
-          # If we return true here, the count for the IP is incremented.
-          ip_can_be_banned?
+          # We return true to increment the count for this IP
+          true
         end
       end
 
@@ -33,20 +34,16 @@ module Gitlab
         @banned
       end
 
+      def trusted_ip?
+        trusted_ips.any? { |netmask| netmask.include?(ip) }
+      end
+
       private
 
       def config
         Gitlab.config.rack_attack.git_basic_auth
       end
 
-      def ip_can_be_banned?
-        !trusted_ip?
-      end
-
-      def trusted_ip?
-        trusted_ips.any? { |netmask| netmask.include?(ip) }
-      end
-
       def trusted_ips
         strong_memoize(:trusted_ips) do
           config.ip_whitelist.map do |proxy|
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-08 06:06:48 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-08 06:06:48 +0300
commit	18a102a5b95198b6bc8db2589de6353997a33543 (patch)
tree	93aac1bb58c3bfcd7421c279a6436fa50ea05537 /lib/gitlab/auth
parent	1adb4373ba840a9bc771a8c9196f7183fd98b2b8 (diff)