From e5cf3f51fb568361a247d715facb6cd9bb15bb16 Mon Sep 17 00:00:00 2001
From: Pawel Chojnacki
Date: Mon, 6 Feb 2017 13:48:46 +0100
Subject: Allow limiting logging in users from too many different IPs.
---
 config/initializers/doorkeeper.rb | 6 ++++--
 config/initializers/request_context.rb | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 config/initializers/request_context.rb
(limited to 'config/initializers')
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 88cd0f5f652..44b658e5872 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -12,8 +12,10 @@ Doorkeeper.configure do
 end
 resource_owner_from_credentials do |routes|
- user = Gitlab::Auth.find_with_user_password(params[:username], params[:password])
- user unless user.try(:two_factor_enabled?)
+ Gitlab::Auth::UniqueIpsLimiter.limit_user! do
+ user = Gitlab::Auth.find_with_user_password(params[:username], params[:password])
+ user unless user.try(:two_factor_enabled?)
+ end
 end
 # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
diff --git a/config/initializers/request_context.rb b/config/initializers/request_context.rb
new file mode 100644
index 00000000000..0b485fc1adc
--- /dev/null
+++ b/config/initializers/request_context.rb
@@ -0,0 +1,3 @@
+Rails.application.configure do |config|
+ config.middleware.insert_after RequestStore::Middleware, Gitlab::RequestContext
+end
--
cgit v1.2.1
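Review bot: Nothing in this hunk shows what happens when `Gitlab::Auth::UniqueIpsLimiter.limit_user!` raises inside `resource_owner_from_credentials`. The bang name suggests it raises once the limit is exceeded, and unless that exception is rescued for Doorkeeper's token endpoint the password grant would presumably answer with a generic server error rather than a clean OAuth denial. The wrapped block also evaluates to `nil` for a failed login and for a user with two-factor enabled, so the limiter has to tolerate a nil result and will not count those users on this path. I would record that with a comment such as `# The limiter only sees a user when password auth succeeds and 2FA is off; nil passes through`. The `Doorkeeper.configure` block starts and ends outside the hunk, and the limiter itself is not part of this diff.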
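Review bot: The new initializer carries no comment explaining why `Gitlab::RequestContext` has to sit after `RequestStore::Middleware`. Presumably it writes per-request data (the client IP the limiter compares) into the request store, so I would add `# Must run after RequestStore::Middleware: RequestContext keeps the client IP in the per-request store`. The unique-IP limit is only as reliable as that address, so it is worth confirming that RequestContext derives it through the trusted-proxy configuration rather than from a raw forwarded header. Otherwise every user behind the proxy may appear to share one address, or the address may be client-controlled. That middleware's code is not visible in this diff.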