summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
-rw-r--r--lib/gitlab/backend/grack_auth.rb1
-rw-r--r--lib/gitlab/backend/rack_attack_helpers.rb31
-rw-r--r--spec/lib/gitlab/backend/grack_auth_spec.rb2
-rw-r--r--spec/lib/gitlab/backend/rack_attack_helpers_spec.rb35
7 files changed, 5 insertions, 71 deletions
diff --git a/CHANGELOG b/CHANGELOG
index ed9ffefb67f..aebebd8bfd9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 7.12.0 (unreleased)
- Add web hook support for note events (Stan Hu)
- Disable "New Issue" and "New Merge Request" buttons when features are disabled in project settings (Stan Hu)
+ - Remove Rack Attack monkey patches and bump to version 4.3.0 (Stan Hu)
- Allow to configure location of the `.gitlab_shell_secret` file. (Jakub Jirutka)
- Disabled expansion of top/bottom blobs for new file diffs
- Update Asciidoctor gem to version 1.5.2. (Jakub Jirutka)
diff --git a/Gemfile b/Gemfile
index c47a947cab0..5bf71b871e9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -172,7 +172,7 @@ gem "underscore-rails", "~> 1.4.4"
gem "sanitize", '~> 2.0'
# Protect against bruteforcing
-gem "rack-attack"
+gem "rack-attack", '~> 4.3.0'
# Ace editor
gem 'ace-rails-ap'
diff --git a/Gemfile.lock b/Gemfile.lock
index 529131f09b0..4aa56cc7a9a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -421,7 +421,7 @@ GEM
rack (1.5.2)
rack-accept (0.4.5)
rack (>= 0.4)
- rack-attack (4.2.0)
+ rack-attack (4.3.0)
rack
rack-cors (0.2.9)
rack-mini-profiler (0.9.0)
@@ -764,7 +764,7 @@ DEPENDENCIES
poltergeist (~> 1.5.1)
pry-rails
quiet_assets (~> 1.0.1)
- rack-attack
+ rack-attack (~> 4.3.0)
rack-cors
rack-mini-profiler
rack-oauth2 (~> 1.0.5)
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index 050b5ba29dd..03cef30c97d 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -1,4 +1,3 @@
-require_relative 'rack_attack_helpers'
require_relative 'shell_env'
module Grack
diff --git a/lib/gitlab/backend/rack_attack_helpers.rb b/lib/gitlab/backend/rack_attack_helpers.rb
deleted file mode 100644
index 8538f3f6eca..00000000000
--- a/lib/gitlab/backend/rack_attack_helpers.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# rack-attack v4.2.0 doesn't yet support clearing of keys.
-# Taken from https://github.com/kickstarter/rack-attack/issues/113
-class Rack::Attack::Allow2Ban
- def self.reset(discriminator, options)
- findtime = options[:findtime] or raise ArgumentError, "Must pass findtime option"
-
- cache.reset_count("#{key_prefix}:count:#{discriminator}", findtime)
- cache.delete("#{key_prefix}:ban:#{discriminator}")
- end
-end
-
-class Rack::Attack::Cache
- def reset_count(unprefixed_key, period)
- epoch_time = Time.now.to_i
- # Add 1 to expires_in to avoid timing error: http://git.io/i1PHXA
- expires_in = period - (epoch_time % period) + 1
- key = "#{(epoch_time / period).to_i}:#{unprefixed_key}"
- delete(key)
- end
-
- def delete(unprefixed_key)
- store.delete("#{prefix}:#{unprefixed_key}")
- end
-end
-
-class Rack::Attack::StoreProxy::RedisStoreProxy
- def delete(key, options={})
- self.del(key)
- rescue Redis::BaseError
- end
-end
diff --git a/spec/lib/gitlab/backend/grack_auth_spec.rb b/spec/lib/gitlab/backend/grack_auth_spec.rb
index d0aad54f677..42c9946d2a9 100644
--- a/spec/lib/gitlab/backend/grack_auth_spec.rb
+++ b/spec/lib/gitlab/backend/grack_auth_spec.rb
@@ -156,7 +156,7 @@ describe Grack::Auth do
end
expect(attempt_login(true)).to eq(200)
- expect(Rack::Attack::Allow2Ban.send(:banned?, ip)).to eq(nil)
+ expect(Rack::Attack::Allow2Ban.banned?(ip)).to be_falsey
for n in 0..maxretry do
expect(attempt_login(false)).to eq(401)
diff --git a/spec/lib/gitlab/backend/rack_attack_helpers_spec.rb b/spec/lib/gitlab/backend/rack_attack_helpers_spec.rb
deleted file mode 100644
index 2ac496fd669..00000000000
--- a/spec/lib/gitlab/backend/rack_attack_helpers_spec.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-require "spec_helper"
-
-describe 'RackAttackHelpers' do
- describe 'reset' do
- let(:discriminator) { 'test-key'}
- let(:maxretry) { 5 }
- let(:period) { 1.minute }
- let(:options) { { findtime: period, bantime: 60, maxretry: maxretry } }
-
- def do_filter
- for i in 1..maxretry - 1 do
- status = Rack::Attack::Allow2Ban.filter(discriminator, options) { true }
- expect(status).to eq(false)
- end
- end
-
- def do_reset
- Rack::Attack::Allow2Ban.reset(discriminator, options)
- end
-
- before do
- do_reset
- end
-
- after do
- do_reset
- end
-
- it 'user is not banned after n - 1 retries' do
- do_filter
- do_reset
- do_filter
- end
- end
-end