Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
de8f8cdf
Commit
de8f8cdf
authored
Jul 31, 2018
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve authentication activity code readability
parent
719eeb0f
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
17 additions
and
14 deletions
+17
-14
config/initializers/warden.rb
config/initializers/warden.rb
+6
-4
lib/gitlab/auth/activity.rb
lib/gitlab/auth/activity.rb
+5
-5
spec/features/users/login_spec.rb
spec/features/users/login_spec.rb
+4
-2
spec/support/helpers/stub_metrics.rb
spec/support/helpers/stub_metrics.rb
+2
-3
No files found.
config/initializers/warden.rb
View file @
de8f8cdf
...
@@ -2,16 +2,18 @@ Rails.application.configure do |config|
...
@@ -2,16 +2,18 @@ Rails.application.configure do |config|
Warden
::
Manager
.
after_set_user
(
scope: :user
)
do
|
user
,
auth
,
opts
|
Warden
::
Manager
.
after_set_user
(
scope: :user
)
do
|
user
,
auth
,
opts
|
Gitlab
::
Auth
::
UniqueIpsLimiter
.
limit_user!
(
user
)
Gitlab
::
Auth
::
UniqueIpsLimiter
.
limit_user!
(
user
)
activity
=
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
)
case
opts
[
:event
]
case
opts
[
:event
]
when
:authentication
when
:authentication
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
)
.
user_authenticated!
activity
.
user_authenticated!
when
:set_user
when
:set_user
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
)
.
user_authenticated!
activity
.
user_authenticated!
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
)
.
user_session_override!
activity
.
user_session_override!
when
:fetch
# rubocop:disable Lint/EmptyWhen
when
:fetch
# rubocop:disable Lint/EmptyWhen
# We ignore session fetch events
# We ignore session fetch events
else
else
Gitlab
::
Auth
::
Activity
.
new
(
user
,
opts
)
.
user_session_override!
activity
.
user_session_override!
end
end
end
end
...
...
lib/gitlab/auth/activity.rb
View file @
de8f8cdf
...
@@ -7,15 +7,15 @@ module Gitlab
...
@@ -7,15 +7,15 @@ module Gitlab
extend
Gitlab
::
Utils
::
StrongMemoize
extend
Gitlab
::
Utils
::
StrongMemoize
COUNTERS
=
{
COUNTERS
=
{
user_authenticated:
'Counter of
total
successful authentication events'
,
user_authenticated:
'Counter of successful authentication events'
,
user_unauthenticated:
'Counter of
total
authentication failures'
,
user_unauthenticated:
'Counter of authentication failures'
,
user_not_found:
'Counter of
total
failed log-ins when user is unknown'
,
user_not_found:
'Counter of failed log-ins when user is unknown'
,
user_password_invalid:
'Counter of failed log-ins with invalid password'
,
user_password_invalid:
'Counter of failed log-ins with invalid password'
,
user_session_override:
'Counter of manual log-ins and sessions overrides'
,
user_session_override:
'Counter of manual log-ins and sessions overrides'
,
user_session_destroyed:
'Counter of
total
user sessions being destroyed'
,
user_session_destroyed:
'Counter of user sessions being destroyed'
,
user_two_factor_authenticated:
'Counter of two factor authentications'
,
user_two_factor_authenticated:
'Counter of two factor authentications'
,
user_sessionless_authentication:
'Counter of sessionless authentications'
,
user_sessionless_authentication:
'Counter of sessionless authentications'
,
user_blocked:
'Counter of
total
sign in attempts when user is blocked'
user_blocked:
'Counter of sign in attempts when user is blocked'
}.
freeze
}.
freeze
def
initialize
(
user
,
opts
)
def
initialize
(
user
,
opts
)
...
...
spec/features/users/login_spec.rb
View file @
de8f8cdf
...
@@ -159,6 +159,7 @@ describe 'Login' do
...
@@ -159,6 +159,7 @@ describe 'Login' do
it
'blocks login with invalid code'
do
it
'blocks login with invalid code'
do
# TODO invalid 2FA code does not generate any events
# TODO invalid 2FA code does not generate any events
# See gitlab-org/gitlab-ce#49785
enter_code
(
'foo'
)
enter_code
(
'foo'
)
...
@@ -233,7 +234,7 @@ describe 'Login' do
...
@@ -233,7 +234,7 @@ describe 'Login' do
context
'with invalid code'
do
context
'with invalid code'
do
it
'blocks login'
do
it
'blocks login'
do
# TODO, invalid two factor authentication does not increment
# TODO, invalid two factor authentication does not increment
# metrics / counters
# metrics / counters
, see gitlab-org/gitlab-ce#49785
code
=
codes
.
sample
code
=
codes
.
sample
expect
(
user
.
invalidate_otp_backup_code!
(
code
)).
to
eq
true
expect
(
user
.
invalidate_otp_backup_code!
(
code
)).
to
eq
true
...
@@ -267,7 +268,8 @@ describe 'Login' do
...
@@ -267,7 +268,8 @@ describe 'Login' do
end
end
it
'signs user in without prompting for second factor'
do
it
'signs user in without prompting for second factor'
do
# TODO, OAuth authentication does not fire events
# TODO, OAuth authentication does not fire events,
# see gitlab-org/gitlab-ce#49786
expect
(
authentication_metrics
)
expect
(
authentication_metrics
)
.
to
increment
(
:user_authenticated_counter
)
.
to
increment
(
:user_authenticated_counter
)
...
...
spec/support/helpers/stub_metrics.rb
View file @
de8f8cdf
...
@@ -5,9 +5,8 @@ module StubMetrics
...
@@ -5,9 +5,8 @@ module StubMetrics
def
stub_authentication_activity_metrics
(
debug:
false
)
def
stub_authentication_activity_metrics
(
debug:
false
)
authentication_metrics
.
each_counter
do
|
name
,
metric
,
description
|
authentication_metrics
.
each_counter
do
|
name
,
metric
,
description
|
double
(
"
#{
metric
}
-
#{
description
}
"
).
tap
do
|
counter
|
allow
(
authentication_metrics
).
to
receive
(
name
)
allow
(
authentication_metrics
).
to
receive
(
name
).
and_return
(
counter
)
.
and_return
(
double
(
"
#{
metric
}
-
#{
description
}
"
))
end
end
end
debug_authentication_activity_metrics
if
debug
debug_authentication_activity_metrics
if
debug
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment