author | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-02-17 12:52:27 +0100 |
---|---|---|
committer | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-03-06 15:41:25 +0100 |
commit | 8993801f0cefdc64b46b8fe30622cc78eaa03173 (patch) | |
tree | f9a9a38c91e99f03ea87978119a03538d1e91175 /lib | |
parent | 66dc71599cb698d380e14be7230ae3495c78d266 (diff) | |
download | gitlab-ce-8993801f0cefdc64b46b8fe30622cc78eaa03173.tar.gz |
Test various login scenarios if the limit gets enforced
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/api.rb | 4 | ||||
-rw-r--r-- | lib/api/helpers.rb | 15 | ||||
-rw-r--r-- | lib/gitlab/auth.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/auth/unique_ips_limiter.rb | 2 |
4 files changed, 14 insertions, 9 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 89449ce8813..6f37fa9d8e9 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -60,6 +60,10 @@ module API error! e.message, e.status, e.headers end + rescue_from Gitlab::Auth::TooManyIps do |e| + rack_response({'message'=>'403 Forbidden'}.to_json, 403) + end + rescue_from :all do |exception| handle_api_exception(exception) end diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index a43252a4661..f325f0a3050 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -336,16 +336,17 @@ module API def initial_current_user return @initial_current_user if defined?(@initial_current_user) + Gitlab::Auth::UniqueIpsLimiter.limit_user! do + @initial_current_user ||= find_user_by_private_token(scopes: @scopes) + @initial_current_user ||= doorkeeper_guard(scopes: @scopes) + @initial_current_user ||= find_user_from_warden - @initial_current_user ||= find_user_by_private_token(scopes: @scopes) - @initial_current_user ||= doorkeeper_guard(scopes: @scopes) - @initial_current_user ||= find_user_from_warden + unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed? + @initial_current_user = nil + end - unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed? - @initial_current_user = nil + @initial_current_user end - - @initial_current_user end def sudo! diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index be055080853..8e2aee2d7a0 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -22,7 +22,7 @@ module Gitlab user_with_password_for_git(login, password) || Gitlab::Auth::Result.new - Gitlab::Auth::UniqueIpsLimiter.limit_user! { result.actor } + Gitlab::Auth::UniqueIpsLimiter.limit_user!(result.actor) rate_limit!(ip, success: result.success?, login: login) diff --git a/lib/gitlab/auth/unique_ips_limiter.rb b/lib/gitlab/auth/unique_ips_limiter.rb index 01850ae31e8..7f849ef4c38 100644 --- a/lib/gitlab/auth/unique_ips_limiter.rb 
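Review bot: The new `rescue_from Gitlab::Auth::TooManyIps` handler in lib/api/api.rb answers with a bare 403 JSON body and nothing else, so an API caller that trips the limit gets neither the `Retry-After` header the Rack path in unique_ips_limiter.rb keeps sending nor any log line for the blocked attempt, which is the one signal an operator would want when this limit fires. Mirroring the middleware would mean `Rails.logger.info e.message` before the `rack_response` call and passing a `'Retry-After'` header as well; Grape's `rack_response` takes a headers hash as its third argument, though the version in use here is not visible. The block parameter `e` is otherwise unused, and `{'message'=>'403 Forbidden'}` should be spaced as `{ 'message' => '403 Forbidden' }` to match the hash literal in the limiter hunk.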
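Review bot: In `initial_current_user` (lib/api/helpers.rb) the `||=` assignments inside the `limit_user!` block populate `@initial_current_user` before the limiter has decided anything, so if `limit_user!` raises `TooManyIps` after yielding, the instance variable stays set and the `defined?` guard on the first line will return that user on any later call in the same request without the limit being applied again; whether anything re-enters the helper after the rescue is not visible in this hunk, but the memoisation should not depend on it. Resolving into a local inside the block and assigning the instance variable only once `limit_user!` has returned normally closes the gap without relying on the limiter's return value. The `allowed?` check and the nil reset keep their current order relative to the limiter call.
```ruby
    def initial_current_user
      return @initial_current_user if defined?(@initial_current_user)

      user = nil
      Gitlab::Auth::UniqueIpsLimiter.limit_user! do
        user = find_user_by_private_token(scopes: @scopes) ||
          doorkeeper_guard(scopes: @scopes) ||
          find_user_from_warden
        user = nil unless user && Gitlab::UserAccess.new(user).allowed?
        user
      end

      @initial_current_user = user
    end
```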
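Review bot: In lib/gitlab/auth.rb `result.actor` is nil whenever the lookup chain falls through to `Gitlab::Auth::Result.new`, and the new positional call hands that nil straight to `limit_user!`, where the old block form only produced it on demand; whether `limit_user!(nil)` is a no-op or ends up calling `yield` with no block attached cannot be seen from this hunk, so the failed-login path deserves a spec. If the limiter does not already tolerate nil, guard the call with `Gitlab::Auth::UniqueIpsLimiter.limit_user!(result.actor) if result.actor`. The enclosing method starts and ends outside this hunk.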
+++ b/lib/gitlab/auth/unique_ips_limiter.rb @@ -62,7 +62,7 @@ module Gitlab rescue TooManyIps => ex Rails.logger.info ex.message - [429, { 'Content-Type' => 'text/plain', 'Retry-After' => UniqueIpsLimiter.config.unique_ips_limit_time_window }, ["Retry later\n"]] + [403, { 'Content-Type' => 'text/plain', 'Retry-After' => UniqueIpsLimiter.config.unique_ips_limit_time_window }, ["Too many logins from different IPs\n"]] end end end |
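Review bot: The changed response in lib/gitlab/auth/unique_ips_limiter.rb keeps the `Retry-After` header while moving the status from 429 to 403, and clients only treat `Retry-After` as meaningful on 429, 503 and redirect responses, so after this change the header is unlikely to make anyone back off; either keep it paired with a status clients act on, or drop it and state the wait in the body text instead. The header value is `unique_ips_limit_time_window`, which presumably is a number of seconds rather than an HTTP date; worth confirming, since the header accepts only those two forms. The surrounding `Rails.logger.info ex.message` is the only record of the event, and `warn` would make it easier to pick out as an abuse signal in production logs. The methods and module closed by the trailing `end`s begin outside this hunk.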