nexedi / gitlab-ce
Commit 07f49626 authored Jun 06, 2016 by Jacob Vosmaer

Fix tests

parent 3f3b036d
Changes: 3
Showing 3 changed files with 22 additions and 22 deletions

lib/gitlab/auth.rb  +21 -21
lib/gitlab/auth/ip_rate_limiter.rb  +0 -0
spec/requests/jwt_controller_spec.rb  +1 -1

lib/gitlab/auth.rb
...
@@ -35,6 +35,27 @@ module Gitlab
...
@@ -35,6 +35,27 @@ module Gitlab
end
end
end
end
def
rate_limit!
(
ip
,
success
:,
login
:)
rate_limiter
=
Gitlab
::
Auth
::
IpRateLimiter
.
new
(
ip
)
return
unless
rate_limiter
.
enabled?
if
success
# Repeated login 'failures' are normal behavior for some Git clients so
# it is important to reset the ban counter once the client has proven
# they are not a 'bad guy'.
rate_limiter
.
reset!
else
# Register a login failure so that Rack::Attack can block the next
# request from this IP if needed.
rate_limiter
.
register_fail!
if
rate_limiter
.
banned?
Rails
.
logger
.
info
"IP
#{
ip
}
failed to login "
\
"as
#{
login
}
but has been temporarily banned from Git auth"
end
end
end
private
private
def
valid_ci_request?
(
login
,
password
,
project
)
def
valid_ci_request?
(
login
,
password
,
project
)
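Review bot: In the `else` branch of `rate_limit!`, the `Rails.logger.info` call interpolates `login` into the message unescaped. `login` is whatever the client sent as a username, so it can carry newlines or control characters that forge log entries, and it sometimes holds a password typed into the wrong field. Log it as `login.inspect` (or strip non-printable characters) so the value stays on one line and is clearly delimited. A failure is also logged only once `banned?` is true, so failures below the ban threshold leave no record here; log each `register_fail!` if these lines are meant to feed detection. Since the method now sits above `private`, a short comment naming its intended callers would help.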
...
@@ -61,27 +82,6 @@ module Gitlab
...
@@ -61,27 +82,6 @@ module Gitlab
token
&&
token
.
accessible?
&&
User
.
find_by
(
id:
token
.
resource_owner_id
)
token
&&
token
.
accessible?
&&
User
.
find_by
(
id:
token
.
resource_owner_id
)
end
end
end
end
def
rate_limit!
(
ip
,
success
:,
login
:)
rate_limiter
=
IpRateLimiter
.
new
(
ip
)
return
unless
rate_limiter
.
enabled?
if
success
# Repeated login 'failures' are normal behavior for some Git clients so
# it is important to reset the ban counter once the client has proven
# they are not a 'bad guy'.
rate_limiter
.
reset!
else
# Register a login failure so that Rack::Attack can block the next
# request from this IP if needed.
rate_limiter
.
register_fail!
(
ip
,
config
)
if
rate_limiter
.
banned?
Rails
.
logger
.
info
"IP
#{
ip
}
failed to login "
\
"as
#{
login
}
but has been temporarily banned from Git auth"
end
end
end
end
end
end
end
end
end
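Review bot: The removed `rate_limit!` called `register_fail!(ip, config)`, yet `config` is not among the method's parameters (`ip, success:, login:`), and the version that replaces it calls `register_fail!` with no arguments while the renamed rate limiter file shows +0 -0. That is a behaviour change in the failed-login branch made under a "Fix tests" message, with no spec in this commit that exercises it. Add a spec that drives `rate_limit!` with `success: false` and asserts that `register_fail!` is called and the ban message is logged, so an arity mismatch on this path fails in CI rather than at runtime.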
lib/gitlab/auth/rate_limiter.rb → lib/gitlab/auth/ip_rate_limiter.rb
File moved
spec/requests/jwt_controller_spec.rb
...
@@ -44,7 +44,7 @@ describe JwtController do
...
@@ -44,7 +44,7 @@ describe JwtController do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:headers
)
{
{
authorization:
credentials
(
'user'
,
'password'
)
}
}
let
(
:headers
)
{
{
authorization:
credentials
(
'user'
,
'password'
)
}
}
before
{
expect
_any_instance_of
(
Gitlab
::
Auth
).
to
receive
(
:find
).
with
(
'user'
,
'password'
).
and_return
(
user
)
}
before
{
expect
(
Gitlab
::
Auth
).
to
receive
(
:find_in_gitlab_or_ldap
).
with
(
'user'
,
'password'
).
and_return
(
user
)
}
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
...
...
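Review bot: The `before` block sets a message expectation with `expect(Gitlab::Auth).to receive(:find_in_gitlab_or_ldap)`, which mixes setup with assertion: every example in this context now fails if the controller does not make that exact call, and no single example owns the check. Use `allow(Gitlab::Auth).to receive(:find_in_gitlab_or_ldap)...` in `before` and put one explicit `expect` in the example that verifies the lookup. The visible setup only covers the lookup returning a user; a companion context where it returns `nil` would cover the rejected-credentials response of `/jwt/auth`.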