summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config/initializers/warden.rb10
-rw-r--r--lib/gitlab/auth/activity.rb10
-rw-r--r--spec/features/users/login_spec.rb6
-rw-r--r--spec/support/helpers/stub_metrics.rb5
4 files changed, 17 insertions, 14 deletions
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 3d632232930..d64b659c6d7 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -2,16 +2,18 @@ Rails.application.configure do |config|
Warden::Manager.after_set_user(scope: :user) do |user, auth, opts|
Gitlab::Auth::UniqueIpsLimiter.limit_user!(user)
+ activity = Gitlab::Auth::Activity.new(user, opts)
+
case opts[:event]
when :authentication
- Gitlab::Auth::Activity.new(user, opts).user_authenticated!
+ activity.user_authenticated!
when :set_user
- Gitlab::Auth::Activity.new(user, opts).user_authenticated!
- Gitlab::Auth::Activity.new(user, opts).user_session_override!
+ activity.user_authenticated!
+ activity.user_session_override!
when :fetch # rubocop:disable Lint/EmptyWhen
# We ignore session fetch events
else
- Gitlab::Auth::Activity.new(user, opts).user_session_override!
+ activity.user_session_override!
end
end
diff --git a/lib/gitlab/auth/activity.rb b/lib/gitlab/auth/activity.rb
index 2004d1f393e..9f84c578d4f 100644
--- a/lib/gitlab/auth/activity.rb
+++ b/lib/gitlab/auth/activity.rb
@@ -7,15 +7,15 @@ module Gitlab
extend Gitlab::Utils::StrongMemoize
COUNTERS = {
- user_authenticated: 'Counter of total successful authentication events',
- user_unauthenticated: 'Counter of total authentication failures',
- user_not_found: 'Counter of total failed log-ins when user is unknown',
+ user_authenticated: 'Counter of successful authentication events',
+ user_unauthenticated: 'Counter of authentication failures',
+ user_not_found: 'Counter of failed log-ins when user is unknown',
user_password_invalid: 'Counter of failed log-ins with invalid password',
user_session_override: 'Counter of manual log-ins and sessions overrides',
- user_session_destroyed: 'Counter of total user sessions being destroyed',
+ user_session_destroyed: 'Counter of user sessions being destroyed',
user_two_factor_authenticated: 'Counter of two factor authentications',
user_sessionless_authentication: 'Counter of sessionless authentications',
- user_blocked: 'Counter of total sign in attempts when user is blocked'
+ user_blocked: 'Counter of sign in attempts when user is blocked'
}.freeze
def initialize(user, opts)
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index e82978102aa..44758f862a8 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -159,6 +159,7 @@ describe 'Login' do
it 'blocks login with invalid code' do
# TODO invalid 2FA code does not generate any events
+ # See gitlab-org/gitlab-ce#49785
enter_code('foo')
@@ -233,7 +234,7 @@ describe 'Login' do
context 'with invalid code' do
it 'blocks login' do
# TODO, invalid two factor authentication does not increment
- # metrics / counters
+ # metrics / counters, see gitlab-org/gitlab-ce#49785
code = codes.sample
expect(user.invalidate_otp_backup_code!(code)).to eq true
@@ -267,7 +268,8 @@ describe 'Login' do
end
it 'signs user in without prompting for second factor' do
- # TODO, OAuth authentication does not fire events
+ # TODO, OAuth authentication does not fire events,
+ # see gitlab-org/gitlab-ce#49786
expect(authentication_metrics)
.to increment(:user_authenticated_counter)
diff --git a/spec/support/helpers/stub_metrics.rb b/spec/support/helpers/stub_metrics.rb
index d882346ec52..64983fdf222 100644
--- a/spec/support/helpers/stub_metrics.rb
+++ b/spec/support/helpers/stub_metrics.rb
@@ -5,9 +5,8 @@ module StubMetrics
def stub_authentication_activity_metrics(debug: false)
authentication_metrics.each_counter do |name, metric, description|
- double("#{metric} - #{description}").tap do |counter|
- allow(authentication_metrics).to receive(name).and_return(counter)
- end
+ allow(authentication_metrics).to receive(name)
+ .and_return(double("#{metric} - #{description}"))
end
debug_authentication_activity_metrics if debug