Merge branch 'fix-context-for-sessionscontollers' into 'master'

Fix context for SessionsController

See merge request gitlab-org/gitlab!27434

app/controllers/application_controller.rb

@@ -35,8 +35,9 @@ class ApplicationController < ActionController::Base
   before_action :check_impersonation_availability
   before_action :required_signup_info
 
+  prepend_around_action :set_current_context
+
   around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
-  around_action :set_current_context
   around_action :set_locale
   around_action :set_session_storage
   around_action :set_current_admin

app/controllers/sessions_controller.rb

@@ -26,8 +26,6 @@ class SessionsController < Devise::SessionsController
   before_action :load_recaptcha
   before_action :frontend_tracking_data, only: [:new]
 
-  around_action :set_current_context
-
   after_action :log_failed_login, if: :action_new_and_failed_login?
 
   helper_method :captcha_enabled?, :captcha_on_login_required?
@@ -307,13 +305,6 @@ class SessionsController < Devise::SessionsController
     # We want tracking data pushed to the frontend when the user is _in_ the control group
     frontend_experimentation_tracking_data(:signup_flow, 'start') unless experiment_enabled?(:signup_flow)
   end
-
-  def set_current_context(&block)
-    Gitlab::ApplicationContext.with_context(
-      user: -> { current_user },
-      caller_id: "#{self.class.name}##{action_name}",
-      &block)
-  end
 end
 
 SessionsController.prepend_if_ee('EE::SessionsController')

spec/controllers/sessions_controller_spec.rb

@@ -497,13 +497,13 @@ describe SessionsController do
   end
 
   describe '#set_current_context' do
+    let_it_be(:user) { create(:user) }
+
     before do
       set_devise_mapping(context: @request)
     end
 
     context 'when signed in' do
-      let_it_be(:user) { create(:user) }
-
       before do
         sign_in(user)
       end
@@ -535,5 +535,25 @@ describe SessionsController do
         get :new
       end
     end
+
+    context 'when the user becomes locked' do
+      before do
+        user.update!(failed_attempts: User.maximum_attempts.pred)
+      end
+
+      it 'sets the caller_id in the context' do
+        allow_any_instance_of(User).to receive(:lock_access!).and_wrap_original do |m, *args|
+          expect(Labkit::Context.current.to_h)
+            .to include('meta.caller_id' => 'SessionsController#create')
+          expect(Labkit::Context.current.to_h)
+            .not_to include('meta.user')
+
+          m.call(*args)
+        end
+
+        post(:create,
+             params: { user: { login: user.username, password: user.password.succ } })
+      end
+    end
   end
 end