Commit 55e286ca authored by Douwe Maan's avatar Douwe Maan

Merge branch 'fix/git_http_request_without_password' into 'master'

Avoid resource intensive login checks if password is not provided

Closes #32598

See merge request !11537
parents 010a9c6b 9735ce15
---
title: Avoid resource intensive login checks if password is not provided.
merge_request: 11537
author: Horatiu Eugen Vlad
...@@ -37,6 +37,9 @@ module Gitlab ...@@ -37,6 +37,9 @@ module Gitlab
end end
def find_with_user_password(login, password) def find_with_user_password(login, password)
# Avoid resource intensive login checks if password is not provided
return unless password.present?
Gitlab::Auth::UniqueIpsLimiter.limit_user! do Gitlab::Auth::UniqueIpsLimiter.limit_user! do
user = User.by_login(login) user = User.by_login(login)
...@@ -44,7 +47,7 @@ module Gitlab ...@@ -44,7 +47,7 @@ module Gitlab
# LDAP users are only authenticated via LDAP # LDAP users are only authenticated via LDAP
if user.nil? || user.ldap_user? if user.nil? || user.ldap_user?
# Second chance - try LDAP authentication # Second chance - try LDAP authentication
return nil unless Gitlab::LDAP::Config.enabled? return unless Gitlab::LDAP::Config.enabled?
Gitlab::LDAP::Authentication.login(login, password) Gitlab::LDAP::Authentication.login(login, password)
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment