Avoid resource intensive login checks if password is not provided

Fixes #32598

Avoid resource intensive login checks if password is not provided
Fixes #32598
9735ce15 · Horatiu Eugen Vlad · b0642299 · 9735ce15 · 9735ce15
Commit 9735ce15 authored May 19, 2017 by Horatiu Eugen Vlad
Showing with 8 additions and 1 deletion

changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml ...login-checks-if-password-is-not-provided-for-git-http.yml +4 -0

lib/gitlab/auth.rb lib/gitlab/auth.rb +4 -1

No files found.
--- a/changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml
+++ b/changelogs/unreleased/32598-avoid-resource-intensive-login-checks-if-password-is-not-provided-for-git-http.yml
+---
+title: Avoid resource intensive login checks if password is not provided.
+merge_request: 11537
+author: Horatiu Eugen Vlad
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -37,6 +37,9 @@ module Gitlab
      end

      def find_with_user_password(login, password)
+        # Avoid resource intensive login checks if password is not provided
+        return unless password.present?
+
        Gitlab::Auth::UniqueIpsLimiter.limit_user! do
          user = User.by_login(login)

@@ -44,7 +47,7 @@ module Gitlab
          #   LDAP users are only authenticated via LDAP
          if user.nil? || user.ldap_user?
            # Second chance - try LDAP authentication
-            return nil unless Gitlab::LDAP::Config.enabled?
+            return unless Gitlab::LDAP::Config.enabled?

            Gitlab::LDAP::Authentication.login(login, password)
          else