Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting

author: Marius Bobin <mbobin@gitlab.com> 2019-08-23 08:05:48 +0000
committer: Jan Provaznik <jprovaznik@gitlab.com> 2019-08-23 08:05:48 +0000
commit: d51365efe7378eed087d9d925dec1624cb933ae6 (patch)
tree: 4009ee7ace0a88bc945b5fd2f901beb63cb525e9 /lib
parent: 8634cca30083746e44121ccef060fd11f548f672 (diff)
download: gitlab-ce-d51365efe7378eed087d9d925dec1624cb933ae6.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 82e0c7ceeaa..e17a096ef19 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -46,7 +46,7 @@ module Gitlab
           user_with_password_for_git(login, password) ||
           Gitlab::Auth::Result.new
 
-        rate_limit!(ip, success: result.success?, login: login)
+        rate_limit!(ip, success: result.success?, login: login) unless skip_rate_limit?(login: login)
         Gitlab::Auth::UniqueIpsLimiter.limit_user!(result.actor)
 
         return result if result.success? || authenticate_using_internal_or_ldap_password?
@@ -119,6 +119,10 @@ module Gitlab
 
       private
 
+      def skip_rate_limit?(login:)
+        ::Ci::Build::CI_REGISTRY_USER == login
+      end
+
       def authenticate_using_internal_or_ldap_password?
         Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::LDAP::Config.enabled?
       end
author	Marius Bobin <mbobin@gitlab.com>	2019-08-23 08:05:48 +0000
committer	Jan Provaznik <jprovaznik@gitlab.com>	2019-08-23 08:05:48 +0000
commit	d51365efe7378eed087d9d925dec1624cb933ae6 (patch)
tree	4009ee7ace0a88bc945b5fd2f901beb63cb525e9 /lib
parent	8634cca30083746e44121ccef060fd11f548f672 (diff)
download	gitlab-ce-d51365efe7378eed087d9d925dec1624cb933ae6.tar.gz