diff options
| author | Robert Speicher <robert@gitlab.com> | 2017-02-02 01:47:51 +0300 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2017-02-02 01:47:51 +0300 |
| commit | 6d5421271325357ffdd94269c4602291835c5c1e (patch) | |
| tree | c17e194c9227cb2d4b7c84fd9876f1d1a3399a01 /lib | |
| parent | 3661ca9e78d2f6db0eafad0d55180f505cbf9b60 (diff) | |
| parent | 29414ab0438583c7401e94a74a613497874b5e4e (diff) | |
Merge branch '24462-reduce_ldap_queries_for_lfs' into 'master'
Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms
Closes #24462
See merge request !8752
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/auth.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 8dda65c71ef..f638905a1e0 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -10,13 +10,16 @@ module Gitlab def find_for_git_client(login, password, project:, ip:) raise "Must provide an IP for rate limiting" if ip.nil? + # `user_with_password_for_git` should be the last check + # because it's the most expensive, especially when LDAP + # is enabled. result = service_request_check(login, password, project) || build_access_token_check(login, password) || - user_with_password_for_git(login, password) || - oauth_access_token_check(login, password) || lfs_token_check(login, password) || + oauth_access_token_check(login, password) || personal_access_token_check(login, password) || + user_with_password_for_git(login, password) || Gitlab::Auth::Result.new rate_limit!(ip, success: result.success?, login: login) @@ -143,7 +146,9 @@ module Gitlab read_authentication_abilities end - Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.token, password) + if Devise.secure_compare(token_handler.token, password) + Gitlab::Auth::Result.new(actor, nil, token_handler.type, authentication_abilities) + end end def build_access_token_check(login, password) |