Diffstat (limited to 'config/initializers/warden.rb')
-rw-r--r-- | config/initializers/warden.rb | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index d64b659c6d7..33f55069c3e 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -2,7 +2,7 @@ Rails.application.configure do |config|
   Warden::Manager.after_set_user(scope: :user) do |user, auth, opts|
     Gitlab::Auth::UniqueIpsLimiter.limit_user!(user)
-    activity = Gitlab::Auth::Activity.new(user, opts)
+    activity = Gitlab::Auth::Activity.new(opts)
 
     case opts[:event]
     when :authentication
@@ -26,16 +26,32 @@ Rails.application.configure do |config|
   end
 
   Warden::Manager.before_failure(scope: :user) do |env, opts|
-    tracker = Gitlab::Auth::BlockedUserTracker.new(env)
-    tracker.log_blocked_user_activity! if tracker.user_blocked?
-
-    Gitlab::Auth::Activity.new(tracker.user, opts).user_authentication_failed!
+    Gitlab::Auth::Activity.new(opts).user_authentication_failed!
   end
 
-  Warden::Manager.before_logout(scope: :user) do |user_warden, auth, opts|
-    user = user_warden || auth.user
+  Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
+    user ||= auth.user
+    activity = Gitlab::Auth::Activity.new(opts)
+    tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)
 
     ActiveSession.destroy(user, auth.request.session.id)
-    Gitlab::Auth::Activity.new(user, opts).user_session_destroyed!
+    activity.user_session_destroyed!
+
+    ##
+    # It is possible that `before_logout` event is going to be triggered
+    # multiple times during the request lifecycle. We want to increment
+    # metrics and write logs only once in that case.
+    #
+    # 'warden.auth.*' is our custom hash key that follows usual convention
+    # of naming keys in the Rack env hash.
+    #
+    next if auth.env['warden.auth.user.blocked']
+
+    if user.blocked?
+      activity.user_blocked!
+      tracker.log_activity!
+    end
+
+    auth.env['warden.auth.user.blocked'] = true
   end
 end
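Review bot: `user.blocked?` in the new `before_logout` block dereferences `user` with no nil guard, although the line above it (`user ||= auth.user`) shows the Warden-supplied user is expected to be missing sometimes; if `auth.user` is nil as well, the callback raises `NoMethodError` part-way through logout rather than completing, so `if user&.blocked?` would keep the blocked-user logging best-effort (whether a nil user can actually reach this hook depends on Warden's logout path, which is not visible here). The header comment promises that metrics and logs are written "only once", yet `activity.user_session_destroyed!` sits above the `next if auth.env['warden.auth.user.blocked']` guard and still fires on every trigger; either move the guard above it or narrow the comment to the blocked-user metrics and log line. `auth.env['warden.auth.user.blocked']` is also set to `true` at the end for every user, blocked or not, so the key reads like a "this user is blocked" fact when it only means "logout bookkeeping already done" — a name such as `warden.auth.user.logout_handled` (constructed example), or a comment stating that meaning, would stop a later reader or another hook from treating it as an authorization signal. The enclosing `Rails.application.configure` block starts outside the hunk.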