dfcf4cf5f1
Add method to store session ids by ip Add new specs for storing session ids Add cleaning up records after login Add retrieving anonymous sessions Add login recaptcha setting Add new setting to sessions controller Add conditions for showing captcha Add sessions controller specs Add admin settings specs for login protection Add new settings to api Add stub to devise spec Add new translation key Add cr remarks Rename class call Add cr remarks Change if-clause for consistency Add cr remarks Add code review remarks Refactor AnonymousSession class Add changelog entry Move AnonymousSession class to lib Move store unauthenticated sessions to sessions controller Move link to recaptcha info Regenerate text file Improve copy on the spam page Change action filter for storing anonymous sessions Fix rubocop offences Add code review remarks
# Warden lifecycle callbacks for the `:user` scope: auth activity metrics,
# ActiveSession bookkeeping and once-per-request blocked-user tracking.
# Hooks are kept in registration order; Warden invokes them in that order.
Rails.application.configure do |_config|
  # Fired whenever a user is set on the session, for any `opts[:event]`.
  Warden::Manager.after_set_user(scope: :user) do |user, auth, opts|
    # presumably enforces the per-user unique-IP limit — see Gitlab::Auth::UniqueIpsLimiter
    Gitlab::Auth::UniqueIpsLimiter.limit_user!(user)

    auth_activity = Gitlab::Auth::Activity.new(opts)
    event = opts[:event]

    # Plain session fetches are deliberately not recorded at all.
    next if event == :fetch

    # Both :authentication and :set_user register as a user authenticating.
    auth_activity.user_authenticated! if %i[authentication set_user].include?(event)

    # Everything except a plain :authentication (so :set_user and any other
    # event) additionally counts as a session override.
    auth_activity.user_session_override! unless event == :authentication
  end

  # Fired after a successful credential-based login.
  Warden::Manager.after_authentication(scope: :user) do |user, auth, _opts|
    request = auth.request

    ActiveSession.cleanup(user)
    # NOTE(review): presumably removes the per-IP anonymous-session entries for
    # this client now that it has authenticated — confirm in Gitlab::AnonymousSession.
    Gitlab::AnonymousSession
      .new(request.remote_ip, session_id: request.session.id)
      .cleanup_session_per_ip_entries
  end

  # Only for :fetch events, i.e. the user was loaded from an existing session.
  Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, _opts|
    ActiveSession.set(user, auth.request)
  end

  # Records a failed authentication attempt; `opts` carries the event details.
  Warden::Manager.before_failure(scope: :user) do |_env, opts|
    Gitlab::Auth::Activity.new(opts).user_authentication_failed!
  end

  Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
    user ||= auth.user

    # Rails CSRF protection may attempt to log out a user before that
    # user even logs in, in which case there is nothing to record.
    next unless user

    auth_activity = Gitlab::Auth::Activity.new(opts)
    blocked_tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)

    ActiveSession.destroy(user, auth.request.session.id)
    auth_activity.user_session_destroyed!

    ##
    # `before_logout` can fire more than once within a single request
    # lifecycle. The 'warden.auth.user.blocked' env flag makes sure the
    # blocked-user metrics and log line are emitted only on the first pass.
    #
    # 'warden.auth.*' is our custom hash key; it follows the usual dotted
    # naming convention for entries in the Rack env hash.
    #
    blocked_flag = 'warden.auth.user.blocked'
    next if auth.env[blocked_flag]

    if user.blocked?
      auth_activity.user_blocked!
      blocked_tracker.log_activity!
    end

    auth.env[blocked_flag] = true
  end
end