author | Stan Hu <stanhu@gmail.com> | 2015-07-19 07:06:21 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2015-07-19 07:06:21 +0000 |
commit | 247609a3d8fc9c1b5cf728fdbea303a15ec640db (patch) | |
tree | d2e22200742dba6783dd906a432e2e2edfe5de2f | |
parent | 2940263aacb869ef3cd062b23a18b7eaf64dd443 (diff) | |
parent | 19163f84fbec0e1798300c62745d1f747259eb61 (diff) | |
download | gitlab-ce-247609a3d8fc9c1b5cf728fdbea303a15ec640db.tar.gz |
Merge branch 'fix-oauth-redirection' into 'master'
Fix OAuth provider bug where GitLab would not return to the redirect_uri after sign-in
### What does this MR do?
This MR fixes a bug when GitLab is used as an OAuth provider (e.g. to GitLab CI) where the user is not redirected back to the original URI after a successful sign-in. This MR tweaks the Doorkeeper configuration to set the `user_return_to` Devise session variable, as mentioned in this [Stack Overflow](http://stackoverflow.com/questions/14504739/how-to-use-both-devise-and-doorkeeper-gems) post.
### Why was this MR needed?
If you attempt to "Login via GitLab" from GitLab CI and aren't logged out completely, GitLab asks for your username and password. After you log in, you get directed to the GitLab dashboard instead of back to GitLab CI. It's easy to reproduce:
1. Set up a GitLab CI and GitLab instance (e.g. ci.gitlab.com, gitlab.com).
2. Start an Incognito Window so that you are logged out of GitLab CI and GitLab.
3. Go to the GitLab CI instance. Click "Login with GitLab".
4. Enter your credentials.
5. Watch your browser log in to GitLab and not return to GitLab CI.
### What are the relevant issue numbers?
Closes #1612
See merge request !998
-rw-r--r-- | CHANGELOG | 1 |
-rw-r--r-- | config/initializers/doorkeeper.rb | 3 |
2 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index c4877042fed..9fe1e8c90c7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.14.0 (unreleased) + - Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu) - Fix file upload dialog for comment editing (Daniel Gerhardt) - Expire Rails cache entries after two weeks to prevent endless Redis growth - Add support for destroying project milestones (Stan Hu) diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index d422acb31d6..6139ddbe6cd 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -6,7 +6,8 @@ Doorkeeper.configure do # This block will be called to check whether the resource owner is authenticated or not. resource_owner_authenticator do # Put your resource owner authentication logic here. - # Example implementation: + # Ensure user is redirected to redirect_uri after login + session[:user_return_to] = request.fullpath current_user || redirect_to(new_user_session_url) end |
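Review bot: In the CHANGELOG hunk, the added entry reads "would not go return to the redirect_uri", which has a stray "go". Suggest "would not return to the redirect_uri after sign-in" so the release notes read cleanly.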
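Review bot: In config/initializers/doorkeeper.rb, `session[:user_return_to] = request.fullpath` runs on every call to the `resource_owner_authenticator` block, including when `current_user` is already set, so an authenticated user's session is left holding a return path they never needed. Suggest assigning it only on the unauthenticated branch, immediately before `redirect_to(new_user_session_url)`, for example with an explicit `unless current_user` around the assignment and the redirect. Since this value decides where the browser goes after login, the new comment could also say that `request.fullpath` is a path and query string on this host rather than a caller-supplied absolute URL, so a later edit does not swap in something that can point off-site. The change touches only CHANGELOG and the initializer; a spec that signs in from an OAuth authorization request and asserts the return to that request would keep this from regressing.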