From fc85b07a27a5e1cc77105235562e7be151a266a8 Mon Sep 17 00:00:00 2001
From: Mayra Cabrera <mcabrera@gitlab.com>
Date: Tue, 2 Jul 2019 19:48:06 +0000
Subject: Include user id and username in auth log

Fetches user based on the value of 'rack.attack.match_discriminator'

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62756
---
 config/initializers/rack_attack_logging.rb | 14 ++++++++--
 spec/requests/rack_attack_global_spec.rb   | 43 ++++++++++++++++++++++++++++--
 2 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb
index 2a3fdc8de5f..338e968cc6c 100644
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
@@ -4,12 +4,22 @@
 
 ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
   if [:throttle, :blacklist].include? req.env['rack.attack.match_type']
-    Gitlab::AuthLogger.error(
+    rack_attack_info = {
       message: 'Rack_Attack',
       env: req.env['rack.attack.match_type'],
       ip: req.ip,
       request_method: req.request_method,
       fullpath: req.fullpath
-    )
+    }
+
+    if req.env['rack.attack.matched'] != 'throttle_unauthenticated'
+      user_id = req.env['rack.attack.match_discriminator']
+      user = User.find_by(id: user_id)
+
+      rack_attack_info[:user_id] = user_id
+      rack_attack_info[:username] = user.username unless user.nil?
+    end
+
+    Gitlab::AuthLogger.error(rack_attack_info)
   end
 end
diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb
index 89adbc77a7f..d832963292c 100644
--- a/spec/requests/rack_attack_global_spec.rb
+++ b/spec/requests/rack_attack_global_spec.rb
@@ -102,6 +102,27 @@ describe 'Rack Attack global throttles' do
 
         expect_rejection { get(*get_args) }
       end
+
+      it 'logs RackAttack info into structured logs' do
+        requests_per_period.times do
+          get(*get_args)
+          expect(response).to have_http_status 200
+        end
+
+        arguments = {
+          message: 'Rack_Attack',
+          env: :throttle,
+          ip: '127.0.0.1',
+          request_method: 'GET',
+          fullpath: get_args.first,
+          user_id: user.id,
+          username: user.username
+        }
+
+        expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
+
+        expect_rejection { get(*get_args) }
+      end
     end
 
     context 'when the throttle is disabled' do
@@ -189,7 +210,15 @@ describe 'Rack Attack global throttles' do
           expect(response).to have_http_status 200
         end
 
-        expect(Gitlab::AuthLogger).to receive(:error).once
+        arguments = {
+          message: 'Rack_Attack',
+          env: :throttle,
+          ip: '127.0.0.1',
+          request_method: 'GET',
+          fullpath: '/users/sign_in'
+        }
+
+        expect(Gitlab::AuthLogger).to receive(:error).with(arguments)
 
         get url_that_does_not_require_authentication
       end
@@ -345,7 +374,17 @@ describe 'Rack Attack global throttles' do
           expect(response).to have_http_status 200
         end
 
-        expect(Gitlab::AuthLogger).to receive(:error).once
+        arguments = {
+          message: 'Rack_Attack',
+          env: :throttle,
+          ip: '127.0.0.1',
+          request_method: 'GET',
+          fullpath: '/dashboard/snippets',
+          user_id: user.id,
+          username: user.username
+        }
+
+        expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
 
         get url_that_requires_authentication
       end
-- 
cgit v1.2.1