Commit graph

21 commits

Author SHA1 Message Date
Stan Hu
027c3264ad Guard against a login attempt with invalid CSRF token
If a user logs in with a bad CSRF token, the Warden before_logout
hook will be called with no valid user. This would lead to odd
Error 500 messages with a backtrace.

Addresses part of #50857
2018-09-26 12:20:43 -07:00
Grzegorz Bizon
0dd0dc2367 Simplify the check of reduntant user logout events 2018-08-03 13:06:38 +02:00
Grzegorz Bizon
ef28641d03 Do not skip recording session destruction events 2018-08-03 13:00:14 +02:00
Grzegorz Bizon
98e9f52cf4 Improve blocked user tracking code readability 2018-08-03 12:58:00 +02:00
Grzegorz Bizon
e698a22e10 Skip redunant before_logout warden events 2018-08-02 15:41:14 +02:00
Grzegorz Bizon
9c6aa0a0a6 Improve authentication events-related code readability 2018-08-01 17:08:59 +02:00
Grzegorz Bizon
4eb9d6a96f Do not implicitly authenticate user during session creation 2018-08-01 16:57:59 +02:00
Grzegorz Bizon
2b05562c5b Simplify blocked user tracking during authentication 2018-08-01 15:56:44 +02:00
Grzegorz Bizon
4bcf72e734 Improve blocked user tracking and fire some events only once 2018-08-01 14:23:06 +02:00
Grzegorz Bizon
de8f8cdf06 Improve authentication activity code readability 2018-07-31 09:24:19 +02:00
Grzegorz Bizon
719eeb0f49 Fix rubocop offense in warden initializers 2018-07-27 15:25:21 +02:00
Grzegorz Bizon
ede8c0ced4 Catch custom warden events too to increment metrics 2018-07-27 12:19:34 +02:00
Grzegorz Bizon
656985bf75 Make authentication metrics events explicit is specs 2018-07-26 18:36:04 +02:00
Grzegorz Bizon
68547bc0e0 Track blocked users and two factor authentications 2018-07-23 15:13:11 +02:00
Grzegorz Bizon
1a39d24d20 Refactor blocked user tracker class 2018-07-20 16:00:28 +02:00
Grzegorz Bizon
ac4b954c5f Rename authentication activity observer methods 2018-07-19 10:34:58 +02:00
Grzegorz Bizon
416076610e Implement scaffold of authentication activity metrics 2018-07-17 14:50:04 +02:00
Douwe Maan
d0bab3399f
Only run session related Warden hooks for user scope 2018-05-07 11:36:52 +02:00
Alexis Reigel ( 🌴 may 2nd - may 9th 🌴 )
9b33e3d36f Display and revoke active sessions 2018-05-02 08:08:16 +00:00
Stan Hu
0d187a9a65 Log and send a system hook if a blocked user fails to login
Closes #41633
2018-01-14 22:22:06 -08:00
Pawel Chojnacki
2ff139ddee Make Warden set_user hook validate user ip uniquness
+ rename shared context
2017-03-06 15:41:25 +01:00