Implement scaffold of authentication activity metrics
This commit is contained in:
parent
7f0431dd85
commit
416076610e
3 changed files with 92 additions and 0 deletions
|
@ -5,17 +5,29 @@ Rails.application.configure do |config|
|
||||||
|
|
||||||
Warden::Manager.before_failure(scope: :user) do |env, opts|
|
Warden::Manager.before_failure(scope: :user) do |env, opts|
|
||||||
Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env)
|
Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env)
|
||||||
|
|
||||||
|
Gitlab::Auth::Activity.new(opts).user_authentication_failed!
|
||||||
end
|
end
|
||||||
|
|
||||||
Warden::Manager.after_authentication(scope: :user) do |user, auth, opts|
|
Warden::Manager.after_authentication(scope: :user) do |user, auth, opts|
|
||||||
ActiveSession.cleanup(user)
|
ActiveSession.cleanup(user)
|
||||||
|
|
||||||
|
Gitlab::Auth::Activity.new(opts).user_authenticated!
|
||||||
end
|
end
|
||||||
|
|
||||||
Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, opts|
|
Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, opts|
|
||||||
ActiveSession.set(user, auth.request)
|
ActiveSession.set(user, auth.request)
|
||||||
|
|
||||||
|
Gitlab::Auth::Activity.new(opts).user_session_fetched!
|
||||||
|
end
|
||||||
|
|
||||||
|
Warden::Manager.after_set_user(scope: :user, only: :set_user) do |user, auth, opts|
|
||||||
|
Gitlab::Auth::Activity.new(opts).user_set_manually!
|
||||||
end
|
end
|
||||||
|
|
||||||
Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
|
Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
|
||||||
ActiveSession.destroy(user || auth.user, auth.request.session.id)
|
ActiveSession.destroy(user || auth.user, auth.request.session.id)
|
||||||
|
|
||||||
|
Gitlab::Auth::Activity.new(opts).user_logout!
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
69
lib/gitlab/auth/activity.rb
Normal file
69
lib/gitlab/auth/activity.rb
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
module Gitlab
|
||||||
|
module Auth
|
||||||
|
##
|
||||||
|
# Metrics and logging for user authentication activity.
|
||||||
|
#
|
||||||
|
class Activity
|
||||||
|
extend Gitlab::Utils::StrongMemoize
|
||||||
|
|
||||||
|
COUNTERS = {
|
||||||
|
user_authenticated: 'Counter of total successful authentication events',
|
||||||
|
user_unauthenticated: 'Counter of total authentication failures',
|
||||||
|
user_not_found: 'Counter of total failed log-ins when user is unknown',
|
||||||
|
user_password_invalid: 'Counter of failed log-ins with invalid password',
|
||||||
|
user_session_fetched: 'Counter of total sessions fetched',
|
||||||
|
user_session_override: 'Counter of manual log-ins and sessions overrides',
|
||||||
|
user_signed_out: 'Counter of total user sign out events'
|
||||||
|
}.freeze
|
||||||
|
|
||||||
|
def initialize(opts)
|
||||||
|
@opts = opts
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_authentication_failed!
|
||||||
|
self.class.user_unauthenticated_counter.increment
|
||||||
|
|
||||||
|
case @opts[:message]
|
||||||
|
when :not_found_in_database
|
||||||
|
self.class.user_not_found_counter.increment
|
||||||
|
when :invalid
|
||||||
|
self.class.user_password_invalid_counter.increment
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_authenticated!
|
||||||
|
self.class.user_authenticated_counter.increment
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_session_fetched!
|
||||||
|
self.class.user_session_fetched_counter.increment
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_set_manually!
|
||||||
|
self.class.user_session_override_counter.increment
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_logout!
|
||||||
|
self.class.user_signed_out_counter.increment
|
||||||
|
end
|
||||||
|
|
||||||
|
class StubCounter
|
||||||
|
def initialize(metric)
|
||||||
|
Rails.logger.warn("METRIC #{metric}")
|
||||||
|
end
|
||||||
|
|
||||||
|
def increment
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
COUNTERS.each_pair do |metric, description|
|
||||||
|
define_singleton_method("#{metric}_counter") do
|
||||||
|
strong_memoize(metric) do
|
||||||
|
StubCounter.new(metric)
|
||||||
|
# Gitlab::Metrics.counter("gitlab_auth_#{metric}_total", description)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
11
spec/lib/gitlab/auth/activity_spec.rb
Normal file
11
spec/lib/gitlab/auth/activity_spec.rb
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe Gitlab::Auth::Activity do
|
||||||
|
describe 'counters' do
|
||||||
|
it 'has all static counters defined' do
|
||||||
|
described_class::COUNTERS.each_key do |metric|
|
||||||
|
expect(described_class).to respond_to("#{metric}_counter")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue