Do not skip recording session destruction events

ef28641d · Grzegorz Bizon · 98e9f52c · ef28641d
Commit ef28641d authored Aug 03, 2018 by Grzegorz Bizon
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

config/initializers/warden.rb config/initializers/warden.rb +4 -4

No files found.
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -30,11 +30,13 @@ Rails.application.configure do |config|
  end

  Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
-    ActiveSession.destroy(user || auth.user, auth.request.session.id)
-
    activity = Gitlab::Auth::Activity.new(opts)
    tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)

+    ActiveSession.destroy(user || auth.user, auth.request.session.id)
+
+    activity.user_session_destroyed!
+
    ##
    # It is possible that `before_logout` event is going to be triggered
    # multiple times during the request lifecycle. We want to increment
@@ -51,7 +53,5 @@ Rails.application.configure do |config|
      activity.user_blocked!
      tracker.log_activity!
    end
-
-    activity.user_session_destroyed!
  end
 end