Add authentication metrics for sessionless sign in
parent
c44541a506
commit
00e4d918a3
|
@ -378,7 +378,7 @@ class ApplicationController < ActionController::Base
|
|||
# actually stored in the session and a token is needed
|
||||
# for every request. If you want the token to work as a
|
||||
# sign in token, you can simply remove store: false.
|
||||
sign_in user, store: false
|
||||
sign_in(user, store: false, message: :sessionless_sign_in)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
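Review bot: The `message: :sessionless_sign_in` keyword on the new `sign_in` call is not a Devise option; it only has an effect because the authentication-activity hook in this same commit reads `@opts[:message]`, and the comment block above still explains only `store: false`. A reader of this controller has no way to know the symbol must match a `when` branch in `Gitlab::Auth::Activity`, so extend the comment with something like `# message: is consumed by Gitlab::Auth::Activity to classify this override as a sessionless (token) authentication; it is not a Devise/Warden option and the symbol must match a branch there.` The `store: false` part is the security-relevant bit (a token request must not mint a persistent session) and is presumably unchanged by this commit, so it is worth keeping that sentence first. The enclosing method begins above this hunk.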
@ -14,6 +14,7 @@ module Gitlab
|
|||
user_session_override: 'Counter of manual log-ins and sessions overrides',
|
||||
user_session_destroyed: 'Counter of total user sessions being destroyed',
|
||||
user_two_factor_authenticated: 'Counter of two factor authentications',
|
||||
user_sessionless_authentication: 'Counter of sessionless authentications',
|
||||
user_blocked: 'Counter of total sign in attempts when user is blocked'
|
||||
}.freeze
|
||||
|
||||
|
@ -42,8 +43,11 @@ module Gitlab
|
|||
def user_session_override!
|
||||
self.class.user_session_override_counter_increment!
|
||||
|
||||
if @opts[:message] == :two_factor_authenticated
|
||||
case @opts[:message]
|
||||
when :two_factor_authenticated
|
||||
self.class.user_two_factor_authenticated_counter_increment!
|
||||
when :sessionless_sign_in
|
||||
self.class.user_sessionless_authentication_counter_increment!
|
||||
end
|
||||
end
|
||||
|
||||
|
|
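Review bot: A session override whose `:message` is anything other than the two listed symbols now falls through the `case` silently, so it is counted as an override but never classified, and a typo at a `sign_in(..., message: ...)` call site would go unnoticed in the metrics. Make the fall-through explicit with an `else` branch and a comment, e.g. `else # any other override (e.g. plain password sign-in) is only counted as an override`. Also add a comment above the `case` saying where the symbols come from, e.g. `# :message is set by sign_in(..., message: ...) call sites in ApplicationController and presumably forwarded here by Warden's set_user options`, since nothing in this file ties the symbols to their producers.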
|
@ -57,6 +57,10 @@ describe ApplicationController do
|
|||
end
|
||||
|
||||
describe "#authenticate_user_from_personal_access_token!" do
|
||||
before do
|
||||
stub_authentication_activity_metrics(debug: false)
|
||||
end
|
||||
|
||||
controller(described_class) do
|
||||
def index
|
||||
render text: 'authenticated'
|
||||
|
@ -67,7 +71,13 @@ describe ApplicationController do
|
|||
|
||||
context "when the 'personal_access_token' param is populated with the personal access token" do
|
||||
it "logs the user in" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_authenticated_counter)
|
||||
.and increment(:user_session_override_counter)
|
||||
.and increment(:user_sessionless_authentication_counter)
|
||||
|
||||
get :index, private_token: personal_access_token.token
|
||||
|
||||
expect(response).to have_gitlab_http_status(200)
|
||||
expect(response.body).to eq('authenticated')
|
||||
end
|
||||
|
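Review bot: The context description says the `'personal_access_token'` param is populated, but the request actually sends `private_token:`, so the example name no longer describes what is exercised; rename it to `context "when the 'private_token' param is populated with the personal access token" do`. Since this example now also codifies that a PAT supplied in the query string is accepted and counted as a sessionless authentication, a short comment on the `get` line noting that query-string tokens can surface in access logs and referrers, and that the header form in the next context is presumably the preferred path, would help the next reader understand why both variants are covered.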
@ -75,15 +85,25 @@ describe ApplicationController do
|
|||
|
||||
context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
|
||||
it "logs the user in" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_authenticated_counter)
|
||||
.and increment(:user_session_override_counter)
|
||||
.and increment(:user_sessionless_authentication_counter)
|
||||
|
||||
@request.headers["PRIVATE-TOKEN"] = personal_access_token.token
|
||||
get :index
|
||||
|
||||
expect(response).to have_gitlab_http_status(200)
|
||||
expect(response.body).to eq('authenticated')
|
||||
end
|
||||
end
|
||||
|
||||
it "doesn't log the user in otherwise" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_unauthenticated_counter)
|
||||
|
||||
get :index, private_token: "token"
|
||||
|
||||
expect(response.status).not_to eq(200)
|
||||
expect(response.body).not_to eq('authenticated')
|
||||
end
|
||||
|
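Review bot: The negative example at the end ("doesn't log the user in otherwise") asserts only that `user_unauthenticated_counter` is incremented, so a regression that also bumped the new `user_sessionless_authentication_counter` for a rejected token would not be caught, and that counter is the one this commit introduces. If the metrics stub provides a negative matcher, add `.and not_increment(:user_sessionless_authentication_counter)` (or the stub's equivalent) to that expectation; otherwise a comment stating that only the unauthenticated counter is expected to move would at least record the intent. Separately, the context description names a `'PERSONAL_ACCESS_TOKEN'` header while the request sets `PRIVATE-TOKEN`; `context "when the 'PRIVATE-TOKEN' header is populated with the personal access token" do` matches what the example does.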
@ -148,6 +168,10 @@ describe ApplicationController do
|
|||
end
|
||||
|
||||
describe '#authenticate_sessionless_user!' do
|
||||
before do
|
||||
stub_authentication_activity_metrics(debug: false)
|
||||
end
|
||||
|
||||
describe 'authenticating a user from a feed token' do
|
||||
controller(described_class) do
|
||||
def index
|
||||
|
@ -158,7 +182,13 @@ describe ApplicationController do
|
|||
context "when the 'feed_token' param is populated with the feed token" do
|
||||
context 'when the request format is atom' do
|
||||
it "logs the user in" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_authenticated_counter)
|
||||
.and increment(:user_session_override_counter)
|
||||
.and increment(:user_sessionless_authentication_counter)
|
||||
|
||||
get :index, feed_token: user.feed_token, format: :atom
|
||||
|
||||
expect(response).to have_gitlab_http_status 200
|
||||
expect(response.body).to eq 'authenticated'
|
||||
end
|
||||
|
@ -166,7 +196,13 @@ describe ApplicationController do
|
|||
|
||||
context 'when the request format is ics' do
|
||||
it "logs the user in" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_authenticated_counter)
|
||||
.and increment(:user_session_override_counter)
|
||||
.and increment(:user_sessionless_authentication_counter)
|
||||
|
||||
get :index, feed_token: user.feed_token, format: :ics
|
||||
|
||||
expect(response).to have_gitlab_http_status 200
|
||||
expect(response.body).to eq 'authenticated'
|
||||
end
|
||||
|
@ -174,7 +210,11 @@ describe ApplicationController do
|
|||
|
||||
context 'when the request format is neither atom nor ics' do
|
||||
it "doesn't log the user in" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_unauthenticated_counter)
|
||||
|
||||
get :index, feed_token: user.feed_token
|
||||
|
||||
expect(response.status).not_to have_gitlab_http_status 200
|
||||
expect(response.body).not_to eq 'authenticated'
|
||||
end
|
||||
|
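Review bot: The new counter expectation is immediately followed by `expect(response.status).not_to have_gitlab_http_status 200`, which hands an Integer to a matcher that, judging by every other use on this page, takes the response object; unless the matcher accepts integers this line is probably not asserting what it means to, and it appears to predate this change rather than be part of it. The sibling negative example below uses `expect(response.status).not_to eq 200`, so aligning this line to that form (or to `expect(response).not_to have_gitlab_http_status 200`) would make the "not logged in" path actually verify the status. Worth fixing while this example is being touched, since the unauthenticated-counter assertion added here is the only thing currently guaranteeing the rejection path is exercised.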
@ -183,7 +223,11 @@ describe ApplicationController do
|
|||
|
||||
context "when the 'feed_token' param is populated with an invalid feed token" do
|
||||
it "doesn't log the user" do
|
||||
expect(authentication_metrics)
|
||||
.to increment(:user_unauthenticated_counter)
|
||||
|
||||
get :index, feed_token: 'token', format: :atom
|
||||
|
||||
expect(response.status).not_to eq 200
|
||||
expect(response.body).not_to eq 'authenticated'
|
||||
end
|
||||
|
|
|
@ -7,5 +7,8 @@ describe Gitlab::Auth::Activity do
|
|||
expect(described_class).to respond_to(counter)
|
||||
end
|
||||
end
|
||||
|
||||
# todo incrementer pairs
|
||||
# todo all metrics starting with `user`_
|
||||
end
|
||||
end
|
||||
|
|
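Review bot: The two bare `# todo` comments are added to the spec with no pending example, so they are invisible to the test runner and will not be surfaced as missing coverage; RSpec's `pending` or `skip` would make them show up in the report. Replace them with something like `it 'defines an increment method for every user_* metric' do pending 'not yet implemented'; end` and a similar pending example for the incrementer pairs, or at minimum use the conventional `# TODO:` form with a sentence describing what should be asserted, e.g. `# TODO: assert each metric in COUNTERS starting with user_ has a matching *_counter_increment! class method`.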