Fix deploy tokens erroneously triggering unique IP limits
Some users were complaining that when the user unique IP limiter was
enabled, they would be banned for some unknown
reason. AuthFinder.find_for_git_client
can authenticate users from a
multitude of tokens (CI, LFS, HTTP basic auth, etc.), but project deploy
tokens are unique in that they aren't attributed to a specific user. As
a result, if project deploy tokens were used, users that had the same
database ID as a deploy token would erroneously be attributed to using
the IP accessed by the token.
To fix this issue, we only call Gitlab::Auth::UniqueIpsLimiter
if a
user is returned from the authentication search. Project deploy tokens
could be used from many different IPs, so it doesn't make sense to group
them with user activity.
Possibly fixes #22854 (closed)