diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-05-22 17:31:58 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-05-22 17:31:58 +0000 |
| commit | 55e286ca73e7eb85fc74bd675ba17a6df58f0a3d (patch) | |
| tree | f9e94504b6b378c92b8c63a588c5d14f36a519d6 /lib | |
| parent | 010a9c6be28f4e73a2926832cc4fa7a574d858ba (diff) | |
| parent | 9735ce15de5255365e302d1f50b301039512f50d (diff) | |
| download | gitlab-ce-55e286ca73e7eb85fc74bd675ba17a6df58f0a3d.tar.gz | |
Merge branch 'fix/git_http_request_without_password' into 'master'
Avoid resource intensive login checks if password is not provided
Closes #32598
See merge request !11537
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/auth.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index ea918b23a63..099c45dcfb7 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -37,6 +37,9 @@ module Gitlab end def find_with_user_password(login, password) + # Avoid resource intensive login checks if password is not provided + return unless password.present? + Gitlab::Auth::UniqueIpsLimiter.limit_user! do user = User.by_login(login) @@ -44,7 +47,7 @@ module Gitlab # LDAP users are only authenticated via LDAP if user.nil? || user.ldap_user? # Second chance - try LDAP authentication - return nil unless Gitlab::LDAP::Config.enabled? + return unless Gitlab::LDAP::Config.enabled? Gitlab::LDAP::Authentication.login(login, password) else |