Merge branch 'master' of gitlab_gitlab:gitlab-org/gitlab-cerunner-metrics-extractor

1 files changed, 8 insertions, 5 deletions

diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 4317992d933..6769bd95c2b 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -46,7 +46,7 @@ module Gitlab
           user_with_password_for_git(login, password) ||
           Gitlab::Auth::Result.new
 
-        rate_limit!(ip, success: result.success?, login: login)
+        rate_limit!(ip, success: result.success?, login: login) unless skip_rate_limit?(login: login)
         Gitlab::Auth::UniqueIpsLimiter.limit_user!(result.actor)
 
         return result if result.success? || authenticate_using_internal_or_ldap_password?
@@ -94,6 +94,7 @@ module Gitlab
         end
       end
 
+      # rubocop:disable Gitlab/RailsLogger
       def rate_limit!(ip, success:, login:)
         rate_limiter = Gitlab::Auth::IpRateLimiter.new(ip)
         return unless rate_limiter.enabled?
@@ -114,9 +115,14 @@ module Gitlab
           end
         end
       end
+      # rubocop:enable Gitlab/RailsLogger
 
       private
 
+      def skip_rate_limit?(login:)
+        ::Ci::Build::CI_REGISTRY_USER == login
+      end
+
       def authenticate_using_internal_or_ldap_password?
         Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::LDAP::Config.enabled?
       end
@@ -192,12 +198,10 @@ module Gitlab
         end.uniq
       end
 
-      # rubocop: disable CodeReuse/ActiveRecord
       def deploy_token_check(login, password)
         return unless password.present?
 
-        token =
-          DeployToken.active.find_by(token: password)
+        token = DeployToken.active.find_by_token(password)
 
         return unless token && login
         return if login != token.username
@@ -208,7 +212,6 @@ module Gitlab
           Gitlab::Auth::Result.new(token, token.project, :deploy_token, scopes)
         end
       end
-      # rubocop: enable CodeReuse/ActiveRecord
 
       def lfs_token_check(login, encoded_token, project)
         deploy_key_matches = login.match(/\Alfs\+deploy-key-(\d+)\z/)