Diffstat (limited to 'app/controllers/jwt_controller.rb')
-rw-r--r--app/controllers/jwt_controller.rb42
1 files changed, 2 insertions, 40 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index cee3b6c43e7..131a16dad9b 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -42,46 +42,8 @@ class JwtController < ApplicationController
end
def authenticate_user(login, password)
- # TODO: this is a copy and paste from grack_auth,
- # it should be refactored in the future
-
- user = Gitlab::Auth.new.find(login, password)
-
- # If the user authenticated successfully, we reset the auth failure count
- # from Rack::Attack for that IP. A client may attempt to authenticate
- # with a username and blank password first, and only after it receives
- # a 401 error does it present a password. Resetting the count prevents
- # false positives from occurring.
- #
- # Otherwise, we let Rack::Attack know there was a failed authentication
- # attempt from this IP. This information is stored in the Rails cache
- # (Redis) and will be used by the Rack::Attack middleware to decide
- # whether to block requests from this IP.
- config = Gitlab.config.rack_attack.git_basic_auth
-
- if config.enabled
- if user
- # A successful login will reset the auth failure count from this IP
- Rack::Attack::Allow2Ban.reset(request.ip, config)
- else
- banned = Rack::Attack::Allow2Ban.filter(request.ip, config) do
- # Unless the IP is whitelisted, return true so that Allow2Ban
- # increments the counter (stored in Rails.cache) for the IP
- if config.ip_whitelist.include?(request.ip)
- false
- else
- true
- end
- end
-
- if banned
- Rails.logger.info "IP #{request.ip} failed to login " \
- "as #{login} but has been temporarily banned from Git auth"
- return
- end
- end
- end
-
+ user = Gitlab::Auth.find_in_gitlab_or_ldap(login, password)
+ Gitlab::Auth.rate_limit!(request.ip, success: user.present?, login: login)
user
end
end
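Review bot: The rationale the removed comment block carried — why a successful login resets the Rack::Attack failure count for the IP (a client may probe with a blank password first and only present the password after a 401) — disappears from the call site at line 58 with nothing replacing it; a one-line pointer would keep it discoverable for the next maintainer: `# Reset or increment the Rack::Attack auth-failure count for request.ip; see Gitlab::Auth.rate_limit!`. Whether `Gitlab::Auth.rate_limit!` still honors `config.enabled`, the `ip_whitelist` exemption and the banned-IP log line is not visible in this hunk and is worth confirming, since the controller no longer performs those checks itself. The old early `return` on the banned path only ran when `user` was nil, so returning `user` unconditionally at line 59 yields the same result to callers.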