Test various login scenarios if the limit gets enforced

author: Pawel Chojnacki <pawel@chojnacki.ws> 2017-02-17 12:52:27 +0100
committer: Pawel Chojnacki <pawel@chojnacki.ws> 2017-03-06 15:41:25 +0100
commit: 8993801f0cefdc64b46b8fe30622cc78eaa03173 (patch)
tree: f9a9a38c91e99f03ea87978119a03538d1e91175 /lib/api/helpers.rb
parent: 66dc71599cb698d380e14be7230ae3495c78d266 (diff)
download: gitlab-ce-8993801f0cefdc64b46b8fe30622cc78eaa03173.tar.gz
1 files changed, 8 insertions, 7 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index a43252a4661..f325f0a3050 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -336,16 +336,17 @@ module API
 
     def initial_current_user
       return @initial_current_user if defined?(@initial_current_user)
+      Gitlab::Auth::UniqueIpsLimiter.limit_user! do
+        @initial_current_user ||= find_user_by_private_token(scopes: @scopes)
+        @initial_current_user ||= doorkeeper_guard(scopes: @scopes)
+        @initial_current_user ||= find_user_from_warden
 
-      @initial_current_user ||= find_user_by_private_token(scopes: @scopes)
-      @initial_current_user ||= doorkeeper_guard(scopes: @scopes)
-      @initial_current_user ||= find_user_from_warden
+        unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed?
+          @initial_current_user = nil
+        end
 
-      unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed?
-        @initial_current_user = nil
+        @initial_current_user
       end
-
-      @initial_current_user
     end
 
     def sudo!
author	Pawel Chojnacki <pawel@chojnacki.ws>	2017-02-17 12:52:27 +0100
committer	Pawel Chojnacki <pawel@chojnacki.ws>	2017-03-06 15:41:25 +0100
commit	8993801f0cefdc64b46b8fe30622cc78eaa03173 (patch)
tree	f9a9a38c91e99f03ea87978119a03538d1e91175 /lib/api/helpers.rb
parent	66dc71599cb698d380e14be7230ae3495c78d266 (diff)
download	gitlab-ce-8993801f0cefdc64b46b8fe30622cc78eaa03173.tar.gz