authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-07-27 12:56:34 +0200
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-07-27 12:56:34 +0200
commit00e4d918a3cf14a96d25822b6d65c7b6d8f00b63 (patch)
tree9aed0c16c8bd612dcfd1852cde5c2ac5c3a7f882
parentc44541a506347225539afeb2e124f3210c8b2065 (diff)
downloadgitlab-ce-00e4d918a3cf14a96d25822b6d65c7b6d8f00b63.tar.gz
Add authentication metrics for sessionless sign in
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--lib/gitlab/auth/activity.rb6
-rw-r--r--spec/controllers/application_controller_spec.rb44
-rw-r--r--spec/lib/gitlab/auth/activity_spec.rb3
4 files changed, 53 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f45fcd4d900..00e8948ac6e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -378,7 +378,7 @@ class ApplicationController < ActionController::Base
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
# sign in token, you can simply remove store: false.
- sign_in user, store: false
+ sign_in(user, store: false, message: :sessionless_sign_in)
end
end
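Review bot: The new `message: :sessionless_sign_in` keyword is undocumented at the call site, while the comment directly above it only explains `store: false`; a reader of this controller cannot tell that the symbol is a metrics tag rather than a Devise/Warden option. The only consumer visible in this commit is `Gitlab::Auth::Activity#user_session_override!`, which dispatches on `@opts[:message]` (presumably reached through the Warden sign-in hook — worth confirming), so any typo in the symbol would silently drop the sessionless counter without failing the sign-in. I would extend the comment with `# message: tags this sign-in so Gitlab::Auth::Activity counts it under the sessionless authentication metric; it is not consumed by Devise.` The enclosing method starts outside the hunk.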
diff --git a/lib/gitlab/auth/activity.rb b/lib/gitlab/auth/activity.rb
index d5d1428ba58..2004d1f393e 100644
--- a/lib/gitlab/auth/activity.rb
+++ b/lib/gitlab/auth/activity.rb
@@ -14,6 +14,7 @@ module Gitlab
user_session_override: 'Counter of manual log-ins and sessions overrides',
user_session_destroyed: 'Counter of total user sessions being destroyed',
user_two_factor_authenticated: 'Counter of two factor authentications',
+ user_sessionless_authentication: 'Counter of sessionless authentications',
user_blocked: 'Counter of total sign in attempts when user is blocked'
}.freeze
@@ -42,8 +43,11 @@ module Gitlab
def user_session_override!
self.class.user_session_override_counter_increment!
- if @opts[:message] == :two_factor_authenticated
+ case @opts[:message]
+ when :two_factor_authenticated
self.class.user_two_factor_authenticated_counter_increment!
+ when :sessionless_sign_in
+ self.class.user_sessionless_authentication_counter_increment!
end
end
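Review bot: The `case @opts[:message]` dispatch has no comment tying the matched symbols to the `sign_in` call sites that supply them, and an unrecognised or missing message falls through silently and only bumps the override counter; that is reasonable, but it should be stated so that a future sessionless entry point that forgets to pass `message:` is recognised as a metrics gap rather than a surprise. I would add above the `case`: `# @opts[:message] is the symbol passed as sign_in(user, message: ...) by controllers;` followed by `# unknown or absent messages are counted only as a session override.` Both branches remain reachable only from call sites that pass the exact symbol, so a constant list of accepted messages next to `COUNTERS` may be worth considering if more tags are added. The enclosing `module Gitlab` continues outside the hunk.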
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 74f362fd7fc..5fe536dbdf6 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -57,6 +57,10 @@ describe ApplicationController do
end
describe "#authenticate_user_from_personal_access_token!" do
+ before do
+ stub_authentication_activity_metrics(debug: false)
+ end
+
controller(described_class) do
def index
render text: 'authenticated'
@@ -67,7 +71,13 @@ describe ApplicationController do
context "when the 'personal_access_token' param is populated with the personal access token" do
it "logs the user in" do
+ expect(authentication_metrics)
+ .to increment(:user_authenticated_counter)
+ .and increment(:user_session_override_counter)
+ .and increment(:user_sessionless_authentication_counter)
+
get :index, private_token: personal_access_token.token
+
expect(response).to have_gitlab_http_status(200)
expect(response.body).to eq('authenticated')
end
@@ -75,15 +85,25 @@ describe ApplicationController do
context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
it "logs the user in" do
+ expect(authentication_metrics)
+ .to increment(:user_authenticated_counter)
+ .and increment(:user_session_override_counter)
+ .and increment(:user_sessionless_authentication_counter)
+
@request.headers["PRIVATE-TOKEN"] = personal_access_token.token
get :index
+
expect(response).to have_gitlab_http_status(200)
expect(response.body).to eq('authenticated')
end
end
it "doesn't log the user in otherwise" do
+ expect(authentication_metrics)
+ .to increment(:user_unauthenticated_counter)
+
get :index, private_token: "token"
+
expect(response.status).not_to eq(200)
expect(response.body).not_to eq('authenticated')
end
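Review bot: The negative example at the end of this hunk only asserts that `user_unauthenticated_counter` is incremented, which does not establish that a rejected token avoids the newly added `user_sessionless_authentication_counter` (or the authenticated/override counters); whether the custom `increment` matcher also checks that unlisted counters stay untouched is not visible here, so if it does not, a regression that counts failed token attempts as successful sessionless sign-ins would pass this spec. The same applies to the negative examples in the feed-token hunks ending at L150 and L161. I would extend each negative expectation with a not-incremented assertion in whatever form the metrics helper supports, e.g. `.and not_increment(:user_sessionless_authentication_counter)` if such a matcher exists, otherwise a direct check on the stubbed counter. The enclosing `describe` starts and ends outside the hunk.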
@@ -148,6 +168,10 @@ describe ApplicationController do
end
describe '#authenticate_sessionless_user!' do
+ before do
+ stub_authentication_activity_metrics(debug: false)
+ end
+
describe 'authenticating a user from a feed token' do
controller(described_class) do
def index
@@ -158,7 +182,13 @@ describe ApplicationController do
context "when the 'feed_token' param is populated with the feed token" do
context 'when the request format is atom' do
it "logs the user in" do
+ expect(authentication_metrics)
+ .to increment(:user_authenticated_counter)
+ .and increment(:user_session_override_counter)
+ .and increment(:user_sessionless_authentication_counter)
+
get :index, feed_token: user.feed_token, format: :atom
+
expect(response).to have_gitlab_http_status 200
expect(response.body).to eq 'authenticated'
end
@@ -166,7 +196,13 @@ describe ApplicationController do
context 'when the request format is ics' do
it "logs the user in" do
+ expect(authentication_metrics)
+ .to increment(:user_authenticated_counter)
+ .and increment(:user_session_override_counter)
+ .and increment(:user_sessionless_authentication_counter)
+
get :index, feed_token: user.feed_token, format: :ics
+
expect(response).to have_gitlab_http_status 200
expect(response.body).to eq 'authenticated'
end
@@ -174,7 +210,11 @@ describe ApplicationController do
context 'when the request format is neither atom nor ics' do
it "doesn't log the user in" do
+ expect(authentication_metrics)
+ .to increment(:user_unauthenticated_counter)
+
get :index, feed_token: user.feed_token
+
expect(response.status).not_to have_gitlab_http_status 200
expect(response.body).not_to eq 'authenticated'
end
@@ -183,7 +223,11 @@ describe ApplicationController do
context "when the 'feed_token' param is populated with an invalid feed token" do
it "doesn't log the user" do
+ expect(authentication_metrics)
+ .to increment(:user_unauthenticated_counter)
+
get :index, feed_token: 'token', format: :atom
+
expect(response.status).not_to eq 200
expect(response.body).not_to eq 'authenticated'
end
diff --git a/spec/lib/gitlab/auth/activity_spec.rb b/spec/lib/gitlab/auth/activity_spec.rb
index 49aeb6e1f7c..89ba8894821 100644
--- a/spec/lib/gitlab/auth/activity_spec.rb
+++ b/spec/lib/gitlab/auth/activity_spec.rb
@@ -7,5 +7,8 @@ describe Gitlab::Auth::Activity do
expect(described_class).to respond_to(counter)
end
end
+
+ # todo incrementer pairs
+ # todo all metrics starting with `user`_
end
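Review bot: The two lowercase `# todo` lines added at the end of the `describe` block do not follow the annotation form that tooling and reviewers scan for, and as written they do not say what is to be covered; the backtick placement in the second line (`` `user`_ ``) also looks like a typo for the `user_` prefix. I would rewrite them as `# TODO: cover every counter/incrementer pair` and `# TODO: cover all metrics whose name starts with `user_`` (or link them to an issue) so they are not forgotten once the sessionless counter lands. The enclosing `describe` starts outside the hunk.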
end