Skip redunant before_logout warden events

e698a22e · Grzegorz Bizon · c2a5bbc2 · e698a22e · e698a22e
Commit e698a22e authored Aug 02, 2018 by Grzegorz Bizon
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 15 deletions

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -10

config/initializers/warden.rb config/initializers/warden.rb +14 -5

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :require_email, unless: :devise_controller?

+
  around_action :set_locale

  after_action :set_page_title_header, if: -> { request.format == :json }
@@ -127,13 +128,7 @@ class ApplicationController < ActionController::Base
  # Controllers such as GitHttpController may use alternative methods
  # (e.g. tokens) to authenticate the user, whereas Devise sets current_user.
  #
-  #  `current_user` call is going to trigger Warden::Proxy authentication
-  #  that is going to invoke warden callbacks, and we don't want to do it
-  #  twice in case of authentication request.
-  #
  def auth_user
-    return if authentication_request?
-
    if user_signed_in?
      current_user
    else
@@ -141,10 +136,6 @@ class ApplicationController < ActionController::Base
    end
  end

-  def authentication_request?
-    controller_name == 'sessions' && action_name == 'create'
-  end
-
  # This filter handles personal access tokens, and atom requests with rss tokens
  def authenticate_sessionless_user!
    user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user

--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -30,14 +30,23 @@ Rails.application.configure do |config|
  end

  Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
-    user ||= auth.user
+    ActiveSession.destroy(user || auth.user, auth.request.session.id)
+
+    activity = Gitlab::Auth::Activity.new(opts)
+    tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)
+
+    ##
+    # It is possible that `before_logout` event is going to be triggered
+    # multiple times during the request lifecycle. We want to increment
+    # metrics and write logs only once in that case.
+    #
+    next if (auth.env['warden.auth.trackers'] ||= {}).push(activity).many?

    if user.blocked?
-      Gitlab::Auth::Activity.new(opts).user_blocked!
-      Gitlab::Auth::BlockedUserTracker.new(user, auth).log_activity!
+      activity.user_blocked!
+      tracker.log_activity!
    end

-    Gitlab::Auth::Activity.new(opts).user_session_destroyed!
-    ActiveSession.destroy(user, auth.request.session.id)
+    activity.user_session_destroyed!
  end
 end