author | Mayra Cabrera <mcabrera@gitlab.com> | 2019-07-08 08:59:02 -0500 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2019-07-08 08:59:04 -0500 |
commit | 0b833e3e3b8c44302e1841213d0c9f312876daab (patch) | |
tree | 36b0e82d9922a6b4a0e43221654fd076541d1cf5 | |
parent | d14d1340c6d26a132e8db1f9b883aa87276b457c (diff) | |
download | gitlab-ce-62756-follow-up-user-info-in-auth-log.tar.gz |
Limit user information to RackAttack throttles (branch: 62756-follow-up-user-info-in-auth-log)
rack.attack.match_discriminator is only returned on
throttle_authenticated_api or throttle_authenticated_web requests, so
we're avoiding logging user_id on blacklist requests
Follow up of https://gitlab.com/gitlab-org/gitlab-ce/issues/62756
-rw-r--r-- | config/initializers/rack_attack_logging.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb index 338e968cc6c..7eb34bd69e5 100644 --- a/config/initializers/rack_attack_logging.rb +++ b/config/initializers/rack_attack_logging.rb @@ -12,7 +12,7 @@ ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, r fullpath: req.fullpath } - if req.env['rack.attack.matched'] != 'throttle_unauthenticated' + if %w(throttle_authenticated_api throttle_authenticated_web).include? req.env['rack.attack.matched'] user_id = req.env['rack.attack.match_discriminator'] user = User.find_by(id: user_id) |
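Review bot: The allow-list on the added `if` line hard-codes the two throttle names as string literals, so a throttle added later whose discriminator is also a user id would silently drop user information from the log. Consider moving the names into a named frozen constant with a comment stating why only these matches carry a user id in `rack.attack.match_discriminator`, and writing the call with parentheses, `.include?(req.env['rack.attack.matched'])`, for readability. The diffstat shows only the initializer changing, so a spec asserting that a blacklist match produces a log entry without user fields would keep this from regressing. The trailing context calls `User.find_by(id: user_id)`, which returns nil for an unknown id; the lines after it are not visible here, so confirm the nil case is handled before any user attribute is read.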