diff options
author | Robert Speicher <robert@gitlab.com> | 2018-08-13 14:21:37 +0000 |
---|---|---|
committer | Julius Kvedaras <juliuskvedaras@yahoo.ie> | 2018-08-14 09:26:31 +0100 |
commit | bc19944f9fb2830f2c824fa2c859916e462959b1 (patch) | |
tree | b9909f7f152cea58b0bcc70b4984001c7e9ca882 | |
parent | 89fc2f8fb4de4ecfaa7a4efcfafb648550d82d83 (diff) | |
download | gitlab-ce-bc19944f9fb2830f2c824fa2c859916e462959b1.tar.gz |
Merge branch 'sh-fix-issue-50210-oauth2' into 'master'
Fix logins via OAuth2 geting logged out in an hour
Closes #50210
See merge request gitlab-org/gitlab-ce!21144
-rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 05ed3669a41..e5b38898a67 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base include EnforcesTwoFactorAuthentication include WithPerformanceBar - before_action :limit_unauthenticated_session_times before_action :authenticate_sessionless_user! before_action :authenticate_user! before_action :enforce_terms!, if: :should_enforce_terms? @@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base around_action :set_locale after_action :set_page_title_header, if: :json_request? + after_action :limit_unauthenticated_session_times protect_from_forgery with: :exception, prepend: true diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 421ab006792..fbf116e533b 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -162,6 +162,10 @@ describe ApplicationController do describe 'session expiration' do controller(described_class) do + # The anonymous controller will report 401 and fail to run any actions. + # Normally, GitLab will just redirect you to sign in. + skip_before_action :authenticate_user!, only: :index + def index render text: 'authenticated' end |