    Fix deploy tokens erroneously triggering unique IP limits · 7337e578
    Stan Hu authored
    Some users were complaining that when the user unique IP limiter was
    enabled, they would be banned for some unknown
    reason. `AuthFinder.find_for_git_client` can authenticate users from a
    multitude of tokens (CI, LFS, HTTP basic auth, etc.), but project deploy
    tokens are unique in that they aren't attributed to a specific user. As
    a result, if project deploy tokens were used, users that had the same
    database ID as a deploy token would erroneously be attributed to using
    the IP accessed by the token.
    
    To fix this issue, we only call `Gitlab::Auth::UniqueIpsLimiter` if a
    user is returned from the authentication search. Project deploy tokens
    could be used from many different IPs, so it doesn't make sense to group
    them with user activity.
    
    Possibly fixes https://gitlab.com/gitlab-org/gitlab/issues/22854
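An added illustration of the bug and fix the commit message describes, written for this page and not taken from GitLab's code base: `UniqueIpsLimiter` and `find_for_git_client` below are simplified stand-ins for `Gitlab::Auth::UniqueIpsLimiter` and `AuthFinder.find_for_git_client`, and the user, deploy token, credentials and IPs are constructed values that share database id 42 on purpose, so the id collision is visible.

```ruby
# Added example (not GitLab's code): minimal model of a unique-IP limiter keyed
# by a bare database id, the collision that occurs when a non-user principal
# (a project deploy token) is fed into it, and the fix of only limiting Users.
require 'set'

# Constructed principals. User and DeployToken live in different tables, so
# both can legitimately have id 42; the limiter only sees the integer.
User = Struct.new(:id, :username)
DeployToken = Struct.new(:id, :name)

# Simplified stand-in for Gitlab::Auth::UniqueIpsLimiter: records the distinct
# source IPs per user id and raises once a user exceeds the allowed number.
class UniqueIpsLimiter
  class TooManyIps < StandardError; end

  def initialize(max_ips:)
    @max_ips = max_ips
    @ips_by_user_id = Hash.new { |h, k| h[k] = Set.new }
  end

  # Returns the number of distinct IPs seen for user_id after adding ip.
  def limit_user!(user_id, ip)
    ips = @ips_by_user_id[user_id]
    ips << ip
    raise TooManyIps, "user #{user_id} seen from #{ips.size} IPs" if ips.size > @max_ips

    ips.size
  end
end

USER = User.new(42, 'alice')                 # constructed
DEPLOY_TOKEN = DeployToken.new(42, 'ci-pull') # constructed, same id as USER

# Stand-in for AuthFinder.find_for_git_client: maps a presented credential to
# whichever principal it belongs to, a User or a DeployToken (nil if unknown).
def find_for_git_client(credential)
  case credential
  when 'user-password' then USER
  when 'deploy-token-secret' then DEPLOY_TOKEN
  end
end

# Buggy flow: actor.id goes to the limiter regardless of actor type, so deploy
# token traffic is counted as IP activity of whichever user shares that id.
def authenticate_buggy(limiter, credential, ip)
  actor = find_for_git_client(credential)
  limiter.limit_user!(actor.id, ip) if actor
  actor
end

# Fixed flow (what the commit describes): the limiter only runs when the
# authentication search returned a User; deploy tokens are expected to be used
# from many IPs and are not grouped with user activity.
def authenticate_fixed(limiter, credential, ip)
  actor = find_for_git_client(credential)
  limiter.limit_user!(actor.id, ip) if actor.is_a?(User)
  actor
end

# Replays one scenario: a deploy token is used from two runner IPs, then the
# user with the colliding id logs in once from their own IP. Returns :banned if
# that user is rejected by the limiter, :allowed otherwise.
def simulate(auth_method, max_ips: 2)
  limiter = UniqueIpsLimiter.new(max_ips: max_ips)
  %w[10.0.0.1 10.0.0.2].each do |runner_ip|
    send(auth_method, limiter, 'deploy-token-secret', runner_ip)
  end
  send(auth_method, limiter, 'user-password', '192.0.2.10')
  :allowed
rescue UniqueIpsLimiter::TooManyIps
  :banned
end

if __FILE__ == $PROGRAM_NAME
  puts "buggy: #{simulate(:authenticate_buggy)}"  # buggy: banned
  puts "fixed: #{simulate(:authenticate_fixed)}"  # fixed: allowed
end
```

The detection angle for a defender is the same as the fix: any per-user counter or block list that is keyed by a bare integer id must be fed only by principals from the table that id refers to; mixing tables behind one key produces bans that look random to the affected user.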
auth_spec.rb 23.9 KB