Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d51365ef
Commit
d51365ef
authored
Aug 23, 2019
by
Marius Bobin
Committed by
Jan Provaznik
Aug 23, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting
parent
8634cca3
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
12 additions
and
3 deletions
+12
-3
changelogs/unreleased/49392-exempt-jwt-auth-for-user-gitlab-ci-token-from-rate-limiting.yml
...-jwt-auth-for-user-gitlab-ci-token-from-rate-limiting.yml
+5
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+5
-1
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+2
-2
No files found.
changelogs/unreleased/49392-exempt-jwt-auth-for-user-gitlab-ci-token-from-rate-limiting.yml
0 → 100644
View file @
d51365ef
---
title
:
Exempt user gitlab-ci-token from rate limiting
merge_request
:
31909
author
:
type
:
fixed
lib/gitlab/auth.rb
View file @
d51365ef
...
...
@@ -46,7 +46,7 @@ module Gitlab
user_with_password_for_git
(
login
,
password
)
||
Gitlab
::
Auth
::
Result
.
new
rate_limit!
(
ip
,
success:
result
.
success?
,
login:
login
)
rate_limit!
(
ip
,
success:
result
.
success?
,
login:
login
)
unless
skip_rate_limit?
(
login:
login
)
Gitlab
::
Auth
::
UniqueIpsLimiter
.
limit_user!
(
result
.
actor
)
return
result
if
result
.
success?
||
authenticate_using_internal_or_ldap_password?
...
...
@@ -119,6 +119,10 @@ module Gitlab
private
def
skip_rate_limit?
(
login
:)
::
Ci
::
Build
::
CI_REGISTRY_USER
==
login
end
def
authenticate_using_internal_or_ldap_password?
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
||
Gitlab
::
Auth
::
LDAP
::
Config
.
enabled?
end
...
...
spec/lib/gitlab/auth_spec.rb
View file @
d51365ef
...
...
@@ -86,7 +86,7 @@ describe Gitlab::Auth do
let
(
:project
)
{
build
.
project
}
before
do
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
true
,
login:
'gitlab-ci-token'
)
expect
(
gl_auth
).
not_
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
true
,
login:
'gitlab-ci-token'
)
end
it
'recognises user-less build'
do
...
...
@@ -106,7 +106,7 @@ describe Gitlab::Auth do
let
(
:project
)
{
build
.
project
}
before
do
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
false
,
login:
'gitlab-ci-token'
)
expect
(
gl_auth
).
not_
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
false
,
login:
'gitlab-ci-token'
)
end
it
'denies authentication'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
