Limit user information to RackAttack throttles62756-follow-up-user-info-in-auth-log

rack.attack.match_discriminator is only return on throttle_authenticated_api or throttle_authenticated_web requests, so we're avoiding logging user_id on blacklist requests Follow up of https://gitlab.com/gitlab-org/gitlab-ce/issues/62756
author: Mayra Cabrera <mcabrera@gitlab.com> 2019-07-08 08:59:02 -0500
committer: Mayra Cabrera <mcabrera@gitlab.com> 2019-07-08 08:59:04 -0500
commit: 0b833e3e3b8c44302e1841213d0c9f312876daab (patch)
tree: 36b0e82d9922a6b4a0e43221654fd076541d1cf5
parent: d14d1340c6d26a132e8db1f9b883aa87276b457c (diff)
download: gitlab-ce-62756-follow-up-user-info-in-auth-log.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb
index 338e968cc6c..7eb34bd69e5 100644
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
@@ -12,7 +12,7 @@ ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, r
       fullpath: req.fullpath
     }
 
-    if req.env['rack.attack.matched'] != 'throttle_unauthenticated'
+    if %w(throttle_authenticated_api throttle_authenticated_web).include? req.env['rack.attack.matched']
       user_id = req.env['rack.attack.match_discriminator']
       user = User.find_by(id: user_id)
author	Mayra Cabrera <mcabrera@gitlab.com>	2019-07-08 08:59:02 -0500
committer	Mayra Cabrera <mcabrera@gitlab.com>	2019-07-08 08:59:04 -0500
commit	0b833e3e3b8c44302e1841213d0c9f312876daab (patch)
tree	36b0e82d9922a6b4a0e43221654fd076541d1cf5
parent	d14d1340c6d26a132e8db1f9b883aa87276b457c (diff)
download	gitlab-ce-62756-follow-up-user-info-in-auth-log.tar.gz