author: Stan Hu <stanhu@gmail.com> 2019-02-01 13:18:41 -0800
committer: Stan Hu <stanhu@gmail.com> 2019-02-01 22:32:53 -0800
commit: 1f1882368710a0c093ec9c2f036e87d28d8c5b3b (patch)
tree: 14d1c018ae87d437525075f8bef271d2337d0168
parent: dd26a9addc5dd654e3c8eecb58216f1f4449cfc1 (diff)
download: gitlab-ce-1f1882368710a0c093ec9c2f036e87d28d8c5b3b.tar.gz
Downcase aliased OAuth2 callback providers

Users may specify an OAuth2 callback with a custom name, such as AWSCognito, but Rails will reject this with the following message:

```
'import/AWSCognito' is not a supported controller name. This can lead to potential routing problems. See http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use
```

To avoid these errors, we can just downcase all the provider names. Note that this will make it impossible to specify a duplicate name with different cases.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57156
-rw-r--r-- changelogs/unreleased/sh-fix-oauth2-callback-caps.yml 5
-rw-r--r-- config/routes/import.rb 2
2 files changed, 6 insertions, 1 deletions
diff --git a/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml b/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
new file mode 100644
index 00000000000..8d17900cb79
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
@@ -0,0 +1,5 @@
+---
+title: Downcase aliased OAuth2 callback providers
+merge_request: 24877
+author:
+type: fixed
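Review bot: The `title:` line of this changelog entry leaves out the behaviour change the commit message calls out, namely that provider names differing only in case can no longer coexist. The changelog is what an administrator reads on upgrade, so consider wording the title to say that provider names in the import callback routes are now lowercased.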
diff --git a/config/routes/import.rb b/config/routes/import.rb
index 69df82611f2..da5c31d0062 100644
--- a/config/routes/import.rb
+++ b/config/routes/import.rb
@@ -1,7 +1,7 @@
# Alias import callbacks under the /users/auth endpoint so that
# the OAuth2 callback URL can be restricted under http://example.com/users/auth
# instead of http://example.com.
-Devise.omniauth_providers.each do |provider|
+Devise.omniauth_providers.map(&:downcase).each do |provider|
next if provider == 'ldapmain'
get "/users/auth/-/import/#{provider}/callback", to: "import/#{provider}#callback", as: "users_import_#{provider}_callback"
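Review bot: On the changed `Devise.omniauth_providers.map(&:downcase).each` line, two configured providers whose names differ only in case now produce the same path and the same route name through `as: "users_import_#{provider}_callback"`, and Rails raises on a duplicate named route, so that configuration fails while the routes load with an error that says nothing about provider names. The commit message accepts the restriction, but it would be safer to enforce it where providers are configured, with a message that names the colliding entries, than to let it surface here. The `next if provider == 'ldapmain'` guard also now compares against the downcased value, which changes what it can match. A routing spec with a mixed-case provider such as the AWSCognito case from the commit message would pin both behaviours down, and the OAuth2 documentation should state that the callback URL registered with the identity provider has to use the lowercase name.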