diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index 3d632232930..d64b659c6d7 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -2,16 +2,18 @@ Rails.application.configure do |config| Warden::Manager.after_set_user(scope: :user) do |user, auth, opts| Gitlab::Auth::UniqueIpsLimiter.limit_user!(user) + activity = Gitlab::Auth::Activity.new(user, opts) + case opts[:event] when :authentication - Gitlab::Auth::Activity.new(user, opts).user_authenticated! + activity.user_authenticated! when :set_user - Gitlab::Auth::Activity.new(user, opts).user_authenticated! - Gitlab::Auth::Activity.new(user, opts).user_session_override! + activity.user_authenticated! + activity.user_session_override! when :fetch # rubocop:disable Lint/EmptyWhen # We ignore session fetch events else - Gitlab::Auth::Activity.new(user, opts).user_session_override! + activity.user_session_override! end end diff --git a/lib/gitlab/auth/activity.rb b/lib/gitlab/auth/activity.rb index 2004d1f393e..9f84c578d4f 100644 --- a/lib/gitlab/auth/activity.rb +++ b/lib/gitlab/auth/activity.rb @@ -7,15 +7,15 @@ module Gitlab extend Gitlab::Utils::StrongMemoize COUNTERS = { - user_authenticated: 'Counter of total successful authentication events', - user_unauthenticated: 'Counter of total authentication failures', - user_not_found: 'Counter of total failed log-ins when user is unknown', + user_authenticated: 'Counter of successful authentication events', + user_unauthenticated: 'Counter of authentication failures', + user_not_found: 'Counter of failed log-ins when user is unknown', user_password_invalid: 'Counter of failed log-ins with invalid password', user_session_override: 'Counter of manual log-ins and sessions overrides', - user_session_destroyed: 'Counter of total user sessions being destroyed', + user_session_destroyed: 'Counter of user sessions being destroyed', user_two_factor_authenticated: 'Counter of two factor authentications', user_sessionless_authentication: 'Counter of sessionless authentications', - user_blocked: 'Counter of total sign in attempts when user is blocked' + user_blocked: 'Counter of sign in attempts when user is blocked' }.freeze def initialize(user, opts) diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb index e82978102aa..44758f862a8 100644 --- a/spec/features/users/login_spec.rb +++ b/spec/features/users/login_spec.rb @@ -159,6 +159,7 @@ describe 'Login' do it 'blocks login with invalid code' do # TODO invalid 2FA code does not generate any events + # See gitlab-org/gitlab-ce#49785 enter_code('foo') @@ -233,7 +234,7 @@ describe 'Login' do context 'with invalid code' do it 'blocks login' do # TODO, invalid two factor authentication does not increment - # metrics / counters + # metrics / counters, see gitlab-org/gitlab-ce#49785 code = codes.sample expect(user.invalidate_otp_backup_code!(code)).to eq true @@ -267,7 +268,8 @@ describe 'Login' do end it 'signs user in without prompting for second factor' do - # TODO, OAuth authentication does not fire events + # TODO, OAuth authentication does not fire events, + # see gitlab-org/gitlab-ce#49786 expect(authentication_metrics) .to increment(:user_authenticated_counter) diff --git a/spec/support/helpers/stub_metrics.rb b/spec/support/helpers/stub_metrics.rb index d882346ec52..64983fdf222 100644 --- a/spec/support/helpers/stub_metrics.rb +++ b/spec/support/helpers/stub_metrics.rb @@ -5,9 +5,8 @@ module StubMetrics def stub_authentication_activity_metrics(debug: false) authentication_metrics.each_counter do |name, metric, description| - double("#{metric} - #{description}").tap do |counter| - allow(authentication_metrics).to receive(name).and_return(counter) - end + allow(authentication_metrics).to receive(name) + .and_return(double("#{metric} - #{description}")) end debug_authentication_activity_metrics if debug