# frozen_string_literal: truemoduleGitlabmoduleAuthclassBlockedUserTrackerACTIVE_RECORD_REQUEST_PARAMS='action_dispatch.request.request_parameters'defself.log_if_user_blocked(env)message=env.dig('warden.options',:message)# Devise calls User#active_for_authentication? on the User model and then# throws an exception to Warden with User#inactive_message:# https://github.com/plataformatec/devise/blob/v4.2.1/lib/devise/hooks/activatable.rb#L8## Since Warden doesn't pass the user record to the failure handler, we# need to do a database lookup with the username. We can limit the# lookups to happen when the user was blocked by checking the inactive# message passed along by Warden.returnunlessmessage==User::BLOCKED_MESSAGElogin=env.dig(ACTIVE_RECORD_REQUEST_PARAMS,'user','login')returnunlesslogin.present?user=User.by_login(login)returnunlessuser&.blocked?Gitlab::AppLogger.info("Failed login for blocked user: user=#{user.username} ip=#{env['REMOTE_ADDR']}")SystemHooksService.new.execute_hooks_for(user,:failed_login)truerescueTypeErrorendendendend