diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:49:12 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:49:15 +0000 |
commit | df6673034af7b5745f55f4079a7b2800d7779297 (patch) | |
tree | 5011c685c9e2e4a7d9e89eb5228e5da604bb6912 | |
parent | f50b909b75e615811af98928f1d66f0442003b83 (diff) | |
download | gitlab-ce-df6673034af7b5745f55f4079a7b2800d7779297.tar.gz |
Merge branch 'security-fix-new-issues-login-message-11-5' into 'security-11-5'
[11.5] Use common error for not logged in users when creating issues
See merge request gitlab/gitlabhq!2813
(cherry picked from commit 6a1c300fadddd9d534cacc9a7c0afd5ea6b04014)
0cb3920b Use common error for unauthenticated users
-rw-r--r-- | app/controllers/projects/issues_controller.rb | 10 | ||||
-rw-r--r-- | changelogs/unreleased/security-fix-new-issues-login-message.yml | 5 | ||||
-rw-r--r-- | spec/controllers/projects/issues_controller_spec.rb | 2 |
3 files changed, 7 insertions, 10 deletions
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 55d03826b7e..f81d7db5040 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -19,7 +19,7 @@ class Projects::IssuesController < Projects::ApplicationController prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) } prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) } - prepend_before_action :authenticate_new_issue!, only: [:new] + prepend_before_action :authenticate_user!, only: [:new] prepend_before_action :store_uri, only: [:new, :show] before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update] @@ -229,14 +229,6 @@ class Projects::IssuesController < Projects::ApplicationController ] + [{ label_ids: [], assignee_ids: [] }] end - def authenticate_new_issue! - return if current_user - - notice = "Please sign in to create the new issue." - - redirect_to new_user_session_path, notice: notice - end - def store_uri if request.get? && !request.xhr? store_location_for :user, request.fullpath diff --git a/changelogs/unreleased/security-fix-new-issues-login-message.yml b/changelogs/unreleased/security-fix-new-issues-login-message.yml new file mode 100644 index 00000000000..9dabf2438c9 --- /dev/null +++ b/changelogs/unreleased/security-fix-new-issues-login-message.yml @@ -0,0 +1,5 @@ +--- +title: Use common error for unauthenticated users when creating issues +merge_request: +author: +type: security diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 02930edbf72..06808fdc055 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -121,7 +121,7 @@ describe Projects::IssuesController do it 'redirects to signin if not logged in' do get :new, namespace_id: project.namespace, project_id: project - expect(flash[:notice]).to eq 'Please sign in to create the new issue.' + expect(flash[:alert]).to eq 'You need to sign in or sign up before continuing.' expect(response).to redirect_to(new_user_session_path) end |