GitLab should have an option to prevent users from signing in from multiple IPs
requested to merge pchojnacki/gitlab-ce:27520-option-to-prevent-signing-in-from-multiple-ips into master
What does this MR do?
Adds an option to limit logging in from too many IPs in a configured time frame.
It uses Redis SortedSets to implement this:
r.zadd(key, time, ip)
r.zremrangebyscore(key, 0, time - time_window)
unique_ips_count = r.zcard(key)
Are there points in the code the reviewer needs to double check?
This MR is sort of a request for comments, as I have mixed feelings myself about e.g. using Thread.current local storage to make the request IP accessible from different parts of the code without much modification.
Why was this MR needed?
Spam attacks can require a significant amount of work to mitigate. This MR gives yet another tool to help fight spam.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated
- API support added
- Tests
  - Added for this feature/bug
  - All builds are passing
- Conform by the merge request performance guides
- Conform by the style guides
- Branch has no merge conflicts with master (if it does - rebase it please)
- Squashed related commits together
What are the relevant issue numbers?
Closes #27520 (closed)
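
The sliding-window count from the MR description, as an added example that is not the merge request's own code. `FakeSortedSets` (an in-memory stand-in for the three Redis commands), `UniqueIpWindow`, the key format and the sample sign-ins are all assumptions made for illustration.

```ruby
# In-memory stand-in for the three Redis sorted-set commands the MR uses,
# so the example runs without a Redis server (assumed to match Redis semantics).
class FakeSortedSets
  def initialize
    @sets = Hash.new { |h, k| h[k] = {} } # key => { member => score }
  end

  # ZADD: inserts the member, or overwrites its score if already present.
  def zadd(key, score, member)
    @sets[key][member] = score
  end

  # ZREMRANGEBYSCORE: removes members with min <= score <= max (inclusive).
  def zremrangebyscore(key, min, max)
    @sets[key].delete_if { |_member, score| score >= min && score <= max }
  end

  # ZCARD: number of members left in the set.
  def zcard(key)
    @sets[key].size
  end
end

# Hypothetical limiter; class name and key format are illustrative.
class UniqueIpWindow
  def initialize(store, limit:, time_window:)
    @store, @limit, @time_window = store, limit, time_window
  end

  # Records the sign-in IP and returns the distinct-IP count for the window,
  # using the same three calls, in the same order, as the MR description.
  def record(user_id, ip, time)
    key = "unique_ips:user:#{user_id}"
    @store.zadd(key, time, ip)                           # repeat IP only refreshes its score
    @store.zremrangebyscore(key, 0, time - @time_window) # drop IPs older than the window
    @store.zcard(key)
  end

  def allowed?(user_id, ip, time)
    record(user_id, ip, time) <= @limit
  end
end

# Constructed sign-ins for one user: [ip, unix_time]; limit 2 IPs per 60 s.
SIGN_INS = [["192.0.2.10", 1000], ["192.0.2.10", 1010], ["198.51.100.7", 1020],
            ["203.0.113.5", 1030], ["203.0.113.5", 1075]].freeze
limiter = UniqueIpWindow.new(FakeSortedSets.new, limit: 2, time_window: 60)
RESULTS = SIGN_INS.map { |ip, time| limiter.allowed?(1, ip, time) }.freeze
puts RESULTS.inspect
```

The fourth sign-in is rejected because three distinct IPs fall inside the window; the fifth passes once the first IP's last score (1010) has aged out.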