authorPawel Chojnacki <pawel@chojnacki.ws>2017-02-06 13:48:46 +0100
committerPawel Chojnacki <pawel@chojnacki.ws>2017-03-06 15:41:24 +0100
commite5cf3f51fb568361a247d715facb6cd9bb15bb16 (patch)
treed12f9644c8b0dd0765fd0de90d69027848341083 /config
parent27729aa3a4666c6b06006c76023f4bff60f8ba25 (diff)
downloadgitlab-ce-e5cf3f51fb568361a247d715facb6cd9bb15bb16.tar.gz
Allow limiting logging in users from too many different IPs.
Diffstat (limited to 'config')
-rw-r--r--config/application.rb5
-rw-r--r--config/initializers/doorkeeper.rb6
-rw-r--r--config/initializers/request_context.rb3
3 files changed, 12 insertions, 2 deletions
diff --git a/config/application.rb b/config/application.rb
index f1a986d1731..c4dea9e92b0 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -7,6 +7,9 @@ Bundler.require(:default, Rails.env)
module Gitlab
class Application < Rails::Application
require_dependency Rails.root.join('lib/gitlab/redis')
+ require_dependency Rails.root.join('lib/gitlab/request_context')
+ require_dependency Rails.root.join('lib/gitlab/auth')
+ require_dependency Rails.root.join('lib/gitlab/auth/unique_ips_limiter')
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
@@ -111,6 +114,8 @@ module Gitlab
config.middleware.insert_before Warden::Manager, Rack::Attack
+ config.middleware.insert_before Warden::Manager, Gitlab::Auth::UniqueIpsLimiter
+
# Allow access to GitLab API from other domains
config.middleware.insert_before Warden::Manager, Rack::Cors do
allow do
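Review bot: The position of `Gitlab::Auth::UniqueIpsLimiter` in the middleware stack matters, but nothing on the added line says so. It is inserted before `Warden::Manager` here, while `Gitlab::RequestContext` is registered separately in config/initializers/request_context.rb after `RequestStore::Middleware`. If the limiter reads the client address from the request context (its code is not visible in this diff), it only works when RequestContext has already run. I would add a comment above the new line, for example `# Relies on Gitlab::RequestContext (config/initializers/request_context.rb) having run earlier in the stack`, and consider registering both middlewares in one file so the ordering is visible in one place. The Application class body continues outside the hunk.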
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 88cd0f5f652..44b658e5872 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -12,8 +12,10 @@ Doorkeeper.configure do
end
resource_owner_from_credentials do |routes|
- user = Gitlab::Auth.find_with_user_password(params[:username], params[:password])
- user unless user.try(:two_factor_enabled?)
+ Gitlab::Auth::UniqueIpsLimiter.limit_user! do
+ user = Gitlab::Auth.find_with_user_password(params[:username], params[:password])
+ user unless user.try(:two_factor_enabled?)
+ end
end
# If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
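Review bot: The hunk does not show what happens when `limit_user!`, which now wraps the password-grant lookup, finds the limit exceeded. The bang suggests it raises; if so, the exception leaves `resource_owner_from_credentials` instead of returning nil, and the token endpoint's response depends on something else rescuing it, presumably the UniqueIpsLimiter middleware added in config/application.rb. A request spec should confirm that an over-limit password grant is rejected cleanly rather than surfacing as an unhandled error. It should also confirm that the nil the block returns for failed logins and for users with two-factor enabled is not counted as a sign-in from a new address. A comment such as `# limit_user! raises when the user exceeds the unique-IP limit; rescued by the UniqueIpsLimiter middleware` would document the contract once confirmed. The Doorkeeper.configure block continues outside the hunk.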
diff --git a/config/initializers/request_context.rb b/config/initializers/request_context.rb
new file mode 100644
index 00000000000..0b485fc1adc
--- /dev/null
+++ b/config/initializers/request_context.rb
@@ -0,0 +1,3 @@
+Rails.application.configure do |config|
+ config.middleware.insert_after RequestStore::Middleware, Gitlab::RequestContext
+end
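Review bot: The new initializer has no comment saying what `Gitlab::RequestContext` records or why it has to follow `RequestStore::Middleware`. Since the feature counts distinct client addresses per user, the limit is only as reliable as the address this middleware stores. Behind a reverse proxy or load balancer the trusted-proxy configuration has to be correct, otherwise many users may appear to share the proxy's address or the recorded value may come from a client-supplied header. The class is not shown in this diff, so this should be checked against lib/gitlab/request_context. Once checked, I would add a header comment along the lines of `# Stores the client IP of the current request in RequestStore; must run after RequestStore::Middleware`.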