author | Mayra Cabrera <mcabrera@gitlab.com> | 2019-07-02 19:48:06 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-07-02 19:48:06 +0000 |
commit | fc85b07a27a5e1cc77105235562e7be151a266a8 (patch) | |
tree | 02ba2b2a4934c5f71baa8fa3e902f991c1413483 /spec/requests | |
parent | 851d19c26023cb977eb29157bc833daab985ba77 (diff) | |
download | gitlab-ce-fc85b07a27a5e1cc77105235562e7be151a266a8.tar.gz |
Include user id and username in auth log
Fetches user based on the value of 'rack.attack.match_discriminator'
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/rack_attack_global_spec.rb | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb
index 89adbc77a7f..d832963292c 100644
--- a/spec/requests/rack_attack_global_spec.rb
+++ b/spec/requests/rack_attack_global_spec.rb
@@ -102,6 +102,27 @@ describe 'Rack Attack global throttles' do
 expect_rejection { get(*get_args) }
 end
+
+ it 'logs RackAttack info into structured logs' do
+ requests_per_period.times do
+ get(*get_args)
+ expect(response).to have_http_status 200
+ end
+
+ arguments = {
+ message: 'Rack_Attack',
+ env: :throttle,
+ ip: '127.0.0.1',
+ request_method: 'GET',
+ fullpath: get_args.first,
+ user_id: user.id,
+ username: user.username
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
+
+ expect_rejection { get(*get_args) }
+ end
 end
 context 'when the throttle is disabled' do
@@ -189,7 +210,15 @@ describe 'Rack Attack global throttles' do
 expect(response).to have_http_status 200
 end
- expect(Gitlab::AuthLogger).to receive(:error).once
+ arguments = {
+ message: 'Rack_Attack',
+ env: :throttle,
+ ip: '127.0.0.1',
+ request_method: 'GET',
+ fullpath: '/users/sign_in'
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(arguments)
 get url_that_does_not_require_authentication
 end
@@ -345,7 +374,17 @@ describe 'Rack Attack global throttles' do
 expect(response).to have_http_status 200
 end
- expect(Gitlab::AuthLogger).to receive(:error).once
+ arguments = {
+ message: 'Rack_Attack',
+ env: :throttle,
+ ip: '127.0.0.1',
+ request_method: 'GET',
+ fullpath: '/dashboard/snippets',
+ user_id: user.id,
+ username: user.username
+ }
+
+ expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
 get url_that_requires_authentication
 end |
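Review bot: In the example added at -102/+102, `fullpath: get_args.first` pins the auth log entry to the complete request target, and `get_args` (like `user`) is defined outside this hunk. If any including context passes a credential in the query string, this expectation would lock in that the credential is written verbatim to the auth log next to `user_id` and `username`. The logging code is not visible here (the diffstat is limited to spec/requests), so please confirm the path is filtered or query-stripped before it is logged. A comment above the hash such as `# fullpath is asserted exactly as requested, query string included; confirm no credential can appear here` would record the assumption.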
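Review bot: The expected `fullpath: '/users/sign_in'` in the -189/+210 hunk is a literal, while the request that follows uses `url_that_does_not_require_authentication`, which is defined outside the hunk; the -345/+374 hunk does the same with `'/dashboard/snippets'`. If the helper and the literal drift apart, the failure will read as a logging regression; `fullpath: url_that_does_not_require_authentication` would keep them tied together, assuming the helper returns a bare path. This hunk also drops `.once` where the other two keep `.with(arguments).once`; `receive` already defaults to exactly once, so this is only a consistency point. A one-line comment such as `# no user_id/username: the unauthenticated throttle has no user to attribute` would make the deliberate omission of the user keys explicit, since the exact-hash match is what enforces it.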