Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
bf253a10
Commit
bf253a10
authored
Mar 11, 2016
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Obtain lease before querying LDAP
parent
73c777cf
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
10 additions
and
1 deletion
+10
-1
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+2
-0
app/models/user.rb
app/models/user.rb
+7
-0
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+1
-1
No files found.
app/controllers/application_controller.rb
View file @
bf253a10
...
@@ -246,6 +246,8 @@ class ApplicationController < ActionController::Base
...
@@ -246,6 +246,8 @@ class ApplicationController < ActionController::Base
def
ldap_security_check
def
ldap_security_check
if
current_user
&&
current_user
.
requires_ldap_check?
if
current_user
&&
current_user
.
requires_ldap_check?
return
unless
current_user
.
try_obtain_ldap_lease
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
current_user
)
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
current_user
)
sign_out
current_user
sign_out
current_user
flash
[
:alert
]
=
"Access denied for your LDAP account."
flash
[
:alert
]
=
"Access denied for your LDAP account."
...
...
app/models/user.rb
View file @
bf253a10
...
@@ -603,6 +603,13 @@ class User < ActiveRecord::Base
...
@@ -603,6 +603,13 @@ class User < ActiveRecord::Base
end
end
end
end
def
try_obtain_ldap_lease
# After obtaining this lease LDAP checks will be blocked for 600 seconds
# (10 minutes) for this user.
lease
=
Gitlab
::
ExclusiveLease
.
new
(
"user_ldap_check:
#{
id
}
"
,
timeout:
600
)
lease
.
try_obtain
end
def
solo_owned_groups
def
solo_owned_groups
@solo_owned_groups
||=
owned_groups
.
select
do
|
group
|
@solo_owned_groups
||=
owned_groups
.
select
do
|
group
|
group
.
owners
==
[
self
]
group
.
owners
==
[
self
]
...
...
lib/gitlab/user_access.rb
View file @
bf253a10
...
@@ -3,7 +3,7 @@ module Gitlab
...
@@ -3,7 +3,7 @@ module Gitlab
def
self
.
allowed?
(
user
)
def
self
.
allowed?
(
user
)
return
false
if
user
.
blocked?
return
false
if
user
.
blocked?
if
user
.
requires_ldap_check?
if
user
.
requires_ldap_check?
&&
user
.
try_obtain_ldap_lease
return
false
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
user
)
return
false
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
user
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment