
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-08-01 16:56:44 +0300
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-08-01 16:56:44 +0300
commit2b05562c5b3a092c94b54095c2daa76a764a0227 (patch)
tree0f2141560ddc869519ec4e56874fa1b244c9d103 /lib/gitlab/auth
parent4bcf72e734fbafe99ec603d34819b8ab68bf390c (diff)
Simplify blocked user tracking during authentication
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r--lib/gitlab/auth/activity.rb3
-rw-r--r--lib/gitlab/auth/blocked_user_tracker.rb54
2 files changed, 10 insertions, 47 deletions
diff --git a/lib/gitlab/auth/activity.rb b/lib/gitlab/auth/activity.rb
index 711631ccd64..761f0819c60 100644
--- a/lib/gitlab/auth/activity.rb
+++ b/lib/gitlab/auth/activity.rb
@@ -18,8 +18,7 @@ module Gitlab
user_blocked: 'Counter of sign in attempts when user is blocked'
}.freeze
- def initialize(user, opts)
- @user = user
+ def initialize(opts)
@opts = opts
end
diff --git a/lib/gitlab/auth/blocked_user_tracker.rb b/lib/gitlab/auth/blocked_user_tracker.rb
index b6d2adc834b..d2d415eb8db 100644
--- a/lib/gitlab/auth/blocked_user_tracker.rb
+++ b/lib/gitlab/auth/blocked_user_tracker.rb
@@ -2,57 +2,21 @@
module Gitlab
module Auth
class BlockedUserTracker
- include Gitlab::Utils::StrongMemoize
- ACTIVE_RECORD_REQUEST_PARAMS = 'action_dispatch.request.request_parameters'
-
- def initialize(env)
- @env = env
- end
-
- def user_blocked?
- user&.blocked?
- end
-
- def user
- return unless has_user_blocked_message?
-
- strong_memoize(:user) do
- # Check for either LDAP or regular GitLab account logins
- login = @env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'username') ||
- @env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'user', 'login')
-
- User.by_login(login) if login.present?
- end
- rescue TypeError
+ def initialize(user, auth)
+ @user = user
+ @auth = auth
end
def log_blocked_user_activity!
- return unless user_blocked?
-
- Gitlab::AppLogger.info("Failed login for blocked user: user=#{user.username} ip=#{@env['REMOTE_ADDR']}")
- SystemHooksService.new.execute_hooks_for(user, :failed_login)
- true
- rescue TypeError
- end
+ return unless @user.blocked?
- private
+ Gitlab::AppLogger.info <<~INFO
+ "Failed login for blocked user: user=#{@user.username} ip=#{@auth.request.ip}")
+ INFO
- ##
- # Devise calls User#active_for_authentication? on the User model and then
- # throws an exception to Warden with User#inactive_message:
- # https://github.com/plataformatec/devise/blob/v4.2.1/lib/devise/hooks/activatable.rb#L8
- #
- # Since Warden doesn't pass the user record to the failure handler, we
- # need to do a database lookup with the username. We can limit the
- # lookups to happen when the user was blocked by checking the inactive
- # message passed along by Warden.
- #
- def has_user_blocked_message?
- strong_memoize(:user_blocked_message) do
- message = @env.dig('warden.options', :message)
- message == User::BLOCKED_MESSAGE
- end
+ SystemHooksService.new.execute_hooks_for(@user, :failed_login)
+ rescue TypeError
end
end
end
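Review bot: The heredoc passed to `Gitlab::AppLogger.info` in `log_blocked_user_activity!` still carries the delimiters of the old string literal, so each record is written with a leading `"`, a trailing `")` and a newline, and anything that parses or alerts on the `Failed login for blocked user:` line will see a changed format. Passing the string directly, `Gitlab::AppLogger.info("Failed login for blocked user: user=#{@user.username} ip=#{@auth.request.ip}")`, keeps the earlier format. The guard also lost its safe navigation: `@user.blocked?` raises NoMethodError when the caller passes nil, which `rescue TypeError` does not catch, so `return unless @user&.blocked?` would be safer unless the callers (outside this diff) guarantee a user. The `rescue TypeError` itself looks left over from the removed `@env.dig` lookups and now only hides a TypeError raised by the hook call; the method also no longer returns `true`, which matters if a caller checks the result.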