Allow limiting logging in users from too many different IPs.

author: Pawel Chojnacki <pawel@chojnacki.ws> 2017-02-06 13:48:46 +0100
committer: Pawel Chojnacki <pawel@chojnacki.ws> 2017-03-06 15:41:24 +0100
commit: e5cf3f51fb568361a247d715facb6cd9bb15bb16 (patch)
tree: d12f9644c8b0dd0765fd0de90d69027848341083 /app/controllers
parent: 27729aa3a4666c6b06006c76023f4bff60f8ba25 (diff)
download: gitlab-ce-e5cf3f51fb568361a247d715facb6cd9bb15bb16.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 7d81c96262f..3f5b92d9a99 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -67,10 +67,12 @@ class SessionsController < Devise::SessionsController
   end
 
   def find_user
-    if session[:otp_user_id]
-      User.find(session[:otp_user_id])
-    elsif user_params[:login]
-      User.by_login(user_params[:login])
+    Gitlab::Auth::UniqueIpsLimiter.limit_user! do
+      if session[:otp_user_id]
+        User.find(session[:otp_user_id])
+      elsif user_params[:login]
+        User.by_login(user_params[:login])
+      end
     end
   end
author	Pawel Chojnacki <pawel@chojnacki.ws>	2017-02-06 13:48:46 +0100
committer	Pawel Chojnacki <pawel@chojnacki.ws>	2017-03-06 15:41:24 +0100
commit	e5cf3f51fb568361a247d715facb6cd9bb15bb16 (patch)
tree	d12f9644c8b0dd0765fd0de90d69027848341083 /app/controllers
parent	27729aa3a4666c6b06006c76023f4bff60f8ba25 (diff)
download	gitlab-ce-e5cf3f51fb568361a247d715facb6cd9bb15bb16.tar.gz