Commit fc85b07a authored by Mayra Cabrera's avatar Mayra Cabrera Committed by Stan Hu

Include user id and username in auth log

Fetches user based on the value of 'rack.attack.match_discriminator'

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756
parent 851d19c2
......@@ -4,12 +4,22 @@
ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
if [:throttle, :blacklist].include? req.env['rack.attack.match_type']
Gitlab::AuthLogger.error(
rack_attack_info = {
message: 'Rack_Attack',
env: req.env['rack.attack.match_type'],
ip: req.ip,
request_method: req.request_method,
fullpath: req.fullpath
)
}
if req.env['rack.attack.matched'] != 'throttle_unauthenticated'
user_id = req.env['rack.attack.match_discriminator']
user = User.find_by(id: user_id)
rack_attack_info[:user_id] = user_id
rack_attack_info[:username] = user.username unless user.nil?
end
Gitlab::AuthLogger.error(rack_attack_info)
end
end
......@@ -102,6 +102,27 @@ describe 'Rack Attack global throttles' do
expect_rejection { get(*get_args) }
end
it 'logs RackAttack info into structured logs' do
requests_per_period.times do
get(*get_args)
expect(response).to have_http_status 200
end
arguments = {
message: 'Rack_Attack',
env: :throttle,
ip: '127.0.0.1',
request_method: 'GET',
fullpath: get_args.first,
user_id: user.id,
username: user.username
}
expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
expect_rejection { get(*get_args) }
end
end
context 'when the throttle is disabled' do
......@@ -189,7 +210,15 @@ describe 'Rack Attack global throttles' do
expect(response).to have_http_status 200
end
expect(Gitlab::AuthLogger).to receive(:error).once
arguments = {
message: 'Rack_Attack',
env: :throttle,
ip: '127.0.0.1',
request_method: 'GET',
fullpath: '/users/sign_in'
}
expect(Gitlab::AuthLogger).to receive(:error).with(arguments)
get url_that_does_not_require_authentication
end
......@@ -345,7 +374,17 @@ describe 'Rack Attack global throttles' do
expect(response).to have_http_status 200
end
expect(Gitlab::AuthLogger).to receive(:error).once
arguments = {
message: 'Rack_Attack',
env: :throttle,
ip: '127.0.0.1',
request_method: 'GET',
fullpath: '/dashboard/snippets',
user_id: user.id,
username: user.username
}
expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
get url_that_requires_authentication
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment