Limit user information to RackAttack throttles

rack.attack.match_discriminator is only return on throttle_authenticated_api or throttle_authenticated_web requests, so we're avoiding logging user_id on blacklist requests Follow up of https://gitlab.com/gitlab-org/gitlab-ce/issues/62756

Limit user information to RackAttack throttles
rack.attack.match_discriminator is only return on throttle_authenticated_api or throttle_authenticated_web requests, so we're avoiding logging user_id on blacklist requests Follow up of https://gitlab.com/gitlab-org/gitlab-ce/issues/62756
bcd813c0 · Mayra Cabrera · Stan Hu · 735f360c · bcd813c0
Commit bcd813c0 authored Jul 09, 2019 by Mayra Cabrera Committed by Stan Hu Jul 09, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

config/initializers/rack_attack_logging.rb config/initializers/rack_attack_logging.rb +1 -1

No files found.
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
@@ -12,7 +12,7 @@ ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, r
      fullpath: req.fullpath
    }

-    if req.env['rack.attack.matched'] != 'throttle_unauthenticated'
+    if %w(throttle_authenticated_api throttle_authenticated_web).include? req.env['rack.attack.matched']
      user_id = req.env['rack.attack.match_discriminator']
      user = User.find_by(id: user_id)