authorDouwe Maan <douwe@gitlab.com>2015-06-02 08:50:54 +0000
committerDouwe Maan <douwe@gitlab.com>2015-06-02 08:50:54 +0000
commitd99637bf69bde4fb5717c80a896302c6dda104a8 (patch)
tree3d58a793c1677e21a5f5cf30caa881368c58ce8c /app
parent76ae871908b83c9de9fb05f6cf491153209a79d4 (diff)
parent5491f6fbdeeff35589ef5b6f0aa3264a77e9aa36 (diff)
downloadgitlab-ce-d99637bf69bde4fb5717c80a896302c6dda104a8.tar.gz
Merge branch 'feature/sso_integration' into 'master'
Add an option to automatically sign in with an Omniauth provider. Split of !669 as requested. This is useful when integrating with existing SSO environments and we want to use a single Omniauth provider for all user authentication. See merge request !723
Diffstat (limited to 'app')
-rw-r--r--app/controllers/sessions_controller.rb16
1 files changed, 16 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b89b4c27350..4d976fe6630 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -2,6 +2,7 @@ class SessionsController < Devise::SessionsController
include AuthenticatesWithTwoFactor
prepend_before_action :authenticate_with_two_factor, only: [:create]
+ before_action :auto_sign_in_with_provider, only: [:new]
def new
redirect_path =
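Review bot: The new `before_action :auto_sign_in_with_provider, only: [:new]` fires on every visit to the sign-in page with no way to opt out, so once the setting is configured the local password form is unreachable through normal navigation, including for an administrator who needs it while the identity provider is down. It also appears to apply to the page a user lands on after signing out (the post-sign-out redirect is not visible here), in which case a still-valid provider session would sign them straight back in. I would add an explicit bypass at the top of the filter, for example `return if params[:auto_sign_in] == 'false'`, and describe that escape hatch next to the configuration option. The class body continues outside this hunk.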
@@ -75,6 +76,21 @@ class SessionsController < Devise::SessionsController
end
end
+ def auto_sign_in_with_provider
+ provider = Gitlab.config.omniauth.auto_sign_in_with_provider
+ return unless provider.present?
+
+ # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is
+ # registered or no alert at all. In case of another alert (such as a blocked user), it is safer
+ # to do nothing to prevent redirection loops with certain Omniauth providers.
+ return unless flash[:alert].blank? || flash[:alert] == I18n.t('devise.failure.unauthenticated')
+
+ # Prevent alert from popping up on the first page shown after authentication.
+ flash[:alert] = nil
+
+ redirect_to omniauth_authorize_path(:user, provider.to_sym)
+ end
+
def valid_otp_attempt?(user)
user.valid_otp?(user_params[:otp_attempt]) ||
user.invalidate_otp_backup_code!(user_params[:otp_attempt])
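Review bot: `provider.to_sym` is handed to `omniauth_authorize_path` without checking that the configured name matches a provider that is actually enabled, so a typo in `auto_sign_in_with_provider` would likely turn every visit to the sign-in page into a routing error or a redirect no provider handles. Because this filter stands in front of the login form, that misconfiguration locks users out. I would validate the setting against the enabled provider list when the configuration is loaded, or skip the redirect and log a warning here when it does not match. The alert guard compares `flash[:alert]` with a translated string, which fails safe but depends on the request locale; a short comment such as `# A non-matching (e.g. differently localized) alert leaves the user on the form.` would make that intent explicit. Whether the method sits below `private` cannot be seen from this hunk and is worth confirming.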