summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml4
-rw-r--r--lib/gitlab/auth.rb5
2 files changed, 8 insertions, 1 deletions
diff --git a/changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml b/changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml
new file mode 100644
index 00000000000..6da7491bbda
--- /dev/null
+++ b/changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml
@@ -0,0 +1,4 @@
+---
+title: Avoid resource intensive login checks if password is not provided.
+merge_request: 11537
+author: Horatiu Eugen Vlad
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index ea918b23a63..099c45dcfb7 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -37,6 +37,9 @@ module Gitlab
end
def find_with_user_password(login, password)
+ # Avoid resource intensive login checks if password is not provided
+ return unless password.present?
+
Gitlab::Auth::UniqueIpsLimiter.limit_user! do
user = User.by_login(login)
@@ -44,7 +47,7 @@ module Gitlab
# LDAP users are only authenticated via LDAP
if user.nil? || user.ldap_user?
# Second chance - try LDAP authentication
- return nil unless Gitlab::LDAP::Config.enabled?
+ return unless Gitlab::LDAP::Config.enabled?
Gitlab::LDAP::Authentication.login(login, password)
else