Commit d51365ef authored by Marius Bobin's avatar Marius Bobin Committed by Jan Provaznik

Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting

parent 8634cca3
---
title: Exempt user gitlab-ci-token from rate limiting
merge_request: 31909
author:
type: fixed
......@@ -46,7 +46,7 @@ module Gitlab
user_with_password_for_git(login, password) ||
Gitlab::Auth::Result.new
rate_limit!(ip, success: result.success?, login: login)
rate_limit!(ip, success: result.success?, login: login) unless skip_rate_limit?(login: login)
Gitlab::Auth::UniqueIpsLimiter.limit_user!(result.actor)
return result if result.success? || authenticate_using_internal_or_ldap_password?
......@@ -119,6 +119,10 @@ module Gitlab
private
def skip_rate_limit?(login:)
::Ci::Build::CI_REGISTRY_USER == login
end
def authenticate_using_internal_or_ldap_password?
Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::LDAP::Config.enabled?
end
......
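Review bot: `skip_rate_limit?` decides on the client-supplied `login` alone, so the `unless` guard on the `rate_limit!` call also skips failed attempts; the updated 'denies authentication' spec confirms that `success: false` is no longer recorded for this login. That leaves failed authentications under `gitlab-ci-token` outside the per-IP throttle, which weakens brute-force protection for whatever credentials are accepted with that login. If only working CI jobs need the exemption, narrow the guard to `rate_limit!(ip, success: result.success?, login: login) unless result.success? && skip_rate_limit?(login: login)`. If failures must stay exempt (presumably to keep runner IPs from being banned), document that on `skip_rate_limit?` with a comment such as `# Job-token logins are exempt even on failure; failures here are not throttled per IP`, and make sure those failures are still logged. The enclosing method of the first hunk starts and ends outside the hunk.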
......@@ -86,7 +86,7 @@ describe Gitlab::Auth do
let(:project) { build.project }
before do
expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: 'gitlab-ci-token')
expect(gl_auth).not_to receive(:rate_limit!).with('ip', success: true, login: 'gitlab-ci-token')
end
it 'recognises user-less build' do
......@@ -106,7 +106,7 @@ describe Gitlab::Auth do
let(:project) { build.project }
before do
expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'gitlab-ci-token')
expect(gl_auth).not_to receive(:rate_limit!).with('ip', success: false, login: 'gitlab-ci-token')
end
it 'denies authentication' do
......
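Review bot: The negative expectations in both `before` blocks are constrained with `.with('ip', success: ..., login: 'gitlab-ci-token')`, so they would still pass if `rate_limit!` were called with any other arguments (a different IP or `success` value, say). For a security exemption the spec should state the stronger property, `expect(gl_auth).not_to receive(:rate_limit!)`, in both places. None of the visible examples checks that a failed attempt with a different login still reaches `rate_limit!`; if the file has none outside these hunks, add one so the exemption cannot silently widen.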