Fix context for SessionsController

SessionsController inherits from DeviseController, which inherits from ApplicationController by default, so adding context in that controller didn't help. The problem here was that the chain was being interrupted by an earlier before_action, so we need to set the context in a prepend_around_action.

Fix context for SessionsController
SessionsController inherits from DeviseController, which inherits from ApplicationController by default, so adding context in that controller didn't help. The problem here was that the chain was being interrupted by an earlier before_action, so we need to set the context in a prepend_around_action.
88588172 · Sean McGivern · 805c589a · 88588172 · 88588172 · 88588172
Commit 88588172 authored Mar 17, 2020 by Sean McGivern
3 changed files
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -35,8 +35,9 @@ class ApplicationController < ActionController::Base
  before_action :check_impersonation_availability
  before_action :required_signup_info

+  prepend_around_action :set_current_context
+
  around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
-  around_action :set_current_context
  around_action :set_locale
  around_action :set_session_storage
  around_action :set_current_admin

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -26,8 +26,6 @@ class SessionsController < Devise::SessionsController
  before_action :load_recaptcha
  before_action :frontend_tracking_data, only: [:new]

-  around_action :set_current_context
-
  after_action :log_failed_login, if: :action_new_and_failed_login?

  helper_method :captcha_enabled?, :captcha_on_login_required?
@@ -307,13 +305,6 @@ class SessionsController < Devise::SessionsController
    # We want tracking data pushed to the frontend when the user is _in_ the control group
    frontend_experimentation_tracking_data(:signup_flow, 'start') unless experiment_enabled?(:signup_flow)
  end
-
-  def set_current_context(&block)
-    Gitlab::ApplicationContext.with_context(
-      user: -> { current_user },
-      caller_id: "#{self.class.name}##{action_name}",
-      &block)
-  end
 end

 SessionsController.prepend_if_ee('EE::SessionsController')
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -497,13 +497,13 @@ describe SessionsController do
  end

  describe '#set_current_context' do
+    let_it_be(:user) { create(:user) }
+
    before do
      set_devise_mapping(context: @request)
    end

    context 'when signed in' do
-      let_it_be(:user) { create(:user) }
-
      before do
        sign_in(user)
      end
@@ -535,5 +535,25 @@ describe SessionsController do
        get :new
      end
    end
+
+    context 'when the user becomes locked' do
+      before do
+        user.update!(failed_attempts: User.maximum_attempts.pred)
+      end
+
+      it 'sets the caller_id in the context' do
+        allow_any_instance_of(User).to receive(:lock_access!).and_wrap_original do |m, *args|
+          expect(Labkit::Context.current.to_h)
+            .to include('meta.caller_id' => 'SessionsController#create')
+          expect(Labkit::Context.current.to_h)
+            .not_to include('meta.user')
+
+          m.call(*args)
+        end
+
+        post(:create,
+             params: { user: { login: user.username, password: user.password.succ } })
+      end
+    end
  end
 end