Commit e698a22e authored by Grzegorz Bizon's avatar Grzegorz Bizon

Skip redundant before_logout warden events

parent c2a5bbc2
...@@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base ...@@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller? before_action :configure_permitted_parameters, if: :devise_controller?
before_action :require_email, unless: :devise_controller? before_action :require_email, unless: :devise_controller?
around_action :set_locale around_action :set_locale
after_action :set_page_title_header, if: -> { request.format == :json } after_action :set_page_title_header, if: -> { request.format == :json }
...@@ -127,13 +128,7 @@ class ApplicationController < ActionController::Base ...@@ -127,13 +128,7 @@ class ApplicationController < ActionController::Base
# Controllers such as GitHttpController may use alternative methods # Controllers such as GitHttpController may use alternative methods
# (e.g. tokens) to authenticate the user, whereas Devise sets current_user. # (e.g. tokens) to authenticate the user, whereas Devise sets current_user.
# #
# `current_user` call is going to trigger Warden::Proxy authentication
# that is going to invoke warden callbacks, and we don't want to do it
# twice in case of authentication request.
#
def auth_user def auth_user
return if authentication_request?
if user_signed_in? if user_signed_in?
current_user current_user
else else
...@@ -141,10 +136,6 @@ class ApplicationController < ActionController::Base ...@@ -141,10 +136,6 @@ class ApplicationController < ActionController::Base
end end
end end
def authentication_request?
controller_name == 'sessions' && action_name == 'create'
end
# This filter handles personal access tokens, and atom requests with rss tokens # This filter handles personal access tokens, and atom requests with rss tokens
def authenticate_sessionless_user! def authenticate_sessionless_user!
user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user
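Review bot: The comment explaining that `current_user` triggers Warden::Proxy authentication and its callbacks is removed together with the `authentication_request?` guard, so `auth_user` now carries no hint that repeated `before_logout` events on `sessions#create` are expected and are collapsed elsewhere (the Warden `before_logout` hook changed in this same commit). A later edit to that hook could reintroduce duplicate metrics and log entries without anything in this controller flagging the dependency. Suggest keeping a one-line pointer above `if user_signed_in?`: `# current_user triggers Warden authentication and its callbacks; repeated before_logout events are deduplicated in the Warden before_logout hook, not here`. `auth_user` is defined in the earlier hunk and its else-branch is cut by the hunk boundary, so the rest of its body is not visible here.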
...@@ -30,14 +30,23 @@ Rails.application.configure do |config| ...@@ -30,14 +30,23 @@ Rails.application.configure do |config|
end end
Warden::Manager.before_logout(scope: :user) do |user, auth, opts| Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
user ||= auth.user ActiveSession.destroy(user || auth.user, auth.request.session.id)
activity = Gitlab::Auth::Activity.new(opts)
tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)
##
# It is possible that `before_logout` event is going to be triggered
# multiple times during the request lifecycle. We want to increment
# metrics and write logs only once in that case.
#
next if (auth.env['warden.auth.trackers'] ||= {}).push(activity).many?
if user.blocked? if user.blocked?
Gitlab::Auth::Activity.new(opts).user_blocked! activity.user_blocked!
Gitlab::Auth::BlockedUserTracker.new(user, auth).log_activity! tracker.log_activity!
end end
Gitlab::Auth::Activity.new(opts).user_session_destroyed! activity.user_session_destroyed!
ActiveSession.destroy(user, auth.request.session.id)
end end
end end
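Review bot: On the new line `next if (auth.env['warden.auth.trackers'] ||= {}).push(activity).many?` the default is a Hash, and `Hash` has no `push`, so the first `before_logout` event of a request raises `NoMethodError` unless that env key is seeded as an Array somewhere not shown here; the intent reads as `||= []`. Separately, replacing the old `user ||= auth.user` with an inline `user || auth.user` only on the `ActiveSession.destroy` call leaves `user` nil for `BlockedUserTracker.new(user, auth)` and `user.blocked?` whenever Warden passes no user to the hook, a case the previous code handled. Since this hook runs inside Warden's logout, an exception here presumably aborts the remainder of the logout, so both lines should be robust: restore `user ||= auth.user` as the first statement of the block and change the tracker default to `||= []`. Keying the deduplication on the per-request `auth.env` looks right for collapsing repeated events within a single request.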