Fix audit events that weren't being created for failed LDAP log-in tries
What does this MR do?
I think we stopped logging failed LDAP logging with f10c999b.
The logging was added by @jameslopez with e74c7e2a but:
- since Ldap::OmniauthCallbacksController < OmniauthCallbacksController and Ldap::OmniauthCallbacksController redefines #fail_login (https://gitlab.com/gitlab-org/gitlab/-/blob/7cebe9c5217fcc9cdba24b33d3e753e146f65896/app/controllers/ldap/omniauth_callbacks_controller.rb#L30-34),
- the extra behavior added by EE::OmniauthCallbacksController (https://gitlab.com/gitlab-org/gitlab/-/blob/7cebe9c5217fcc9cdba24b33d3e753e146f65896/ee/app/controllers/ee/omniauth_callbacks_controller.rb#L20-24) to OmniauthCallbacksController (https://gitlab.com/gitlab-org/gitlab/-/blob/7cebe9c5217fcc9cdba24b33d3e753e146f65896/app/controllers/omniauth_callbacks_controller.rb#L274) is not triggered.
There was already a test for this behavior but it only passed after a retry (not sure why), so I've made sure that we never retry this particular test to ensure it's not a false positive.
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- [-] Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Closes #211824 (closed).
Edited by Rémy Coutable
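
The method-resolution gap described in this MR, as an added Ruby example that is not GitLab's code: a module prepended to a parent class stops running once a subclass redefines the method without calling super. All class and module names, method bodies and the `EELdapAuditing` remedy are simplified, hypothetical stand-ins and are not taken from the linked files or from this MR's change.

```ruby
AUDIT_LOG = [] # constructed in-memory stand-in for the audit event store

module EEAuditing # stand-in for EE::OmniauthCallbacksController
  def fail_login(user)
    AUDIT_LOG << "failed login: #{user}" # the extra audit behavior
    super
  end
end

class BaseCallbacks # stand-in for OmniauthCallbacksController
  prepend EEAuditing

  def fail_login(_user)
    :redirect_to_sign_in
  end
end

class LdapCallbacks < BaseCallbacks # stand-in for Ldap::OmniauthCallbacksController
  # Redefined without super: this method sits ahead of EEAuditing in the
  # ancestor chain, so the audit hook on the parent is never reached.
  def fail_login(_user)
    :redirect_with_ldap_alert
  end
end

module EELdapAuditing # hypothetical remedy: hook the subclass itself
  def fail_login(user)
    AUDIT_LOG << "failed LDAP login: #{user}"
    super
  end
end

class LdapCallbacksFixed < BaseCallbacks
  prepend EELdapAuditing

  def fail_login(_user)
    :redirect_with_ldap_alert
  end
end

# Runs a failed login against the given controller class and returns
# the audit entries it produced.
def audit_entries_for(klass, user)
  AUDIT_LOG.clear
  klass.new.fail_login(user)
  AUDIT_LOG.dup
end
```

Comparing `LdapCallbacks.ancestors` with `LdapCallbacksFixed.ancestors` shows where the auditing module sits relative to the class that redefines `fail_login`.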