diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/sessions_controller.rb | 39 |
2 files changed, 22 insertions, 18 deletions
diff --git a/CHANGELOG b/CHANGELOG index 0445f244f79..70501908986 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -64,6 +64,7 @@ v 7.13.5 v 7.13.4 - Allow users to send abuse reports + - Fix redirection after sign in when using auto_sign_in_with_provider v 7.13.3 - Fix bug causing Bitbucket importer to crash when OAuth application had been removed. diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 796cbe4c58c..8389f07a3bd 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,27 +2,10 @@ class SessionsController < Devise::SessionsController include AuthenticatesWithTwoFactor prepend_before_action :authenticate_with_two_factor, only: [:create] + prepend_before_action :store_redirect_path, only: [:new] before_action :auto_sign_in_with_provider, only: [:new] def new - redirect_path = - if request.referer.present? && (params['redirect_to_referer'] == 'yes') - referer_uri = URI(request.referer) - if referer_uri.host == Gitlab.config.gitlab.host - referer_uri.path - else - request.fullpath - end - else - request.fullpath - end - - # Prevent a 'you are already signed in' message directly after signing: - # we should never redirect to '/users/sign_in' after signing in successfully. - unless redirect_path == new_user_session_path - store_location_for(:redirect, redirect_path) - end - if Gitlab.config.ldap.enabled @ldap_servers = Gitlab::LDAP::Config.servers end @@ -55,6 +38,26 @@ class SessionsController < Devise::SessionsController User.find(session[:otp_user_id]) end end + + def store_redirect_path + redirect_path = + if request.referer.present? && (params['redirect_to_referer'] == 'yes') + referer_uri = URI(request.referer) + if referer_uri.host == Gitlab.config.gitlab.host + referer_uri.path + else + request.fullpath + end + else + request.fullpath + end + + # Prevent a 'you are already signed in' message directly after signing: + # we should never redirect to '/users/sign_in' after signing in successfully. + unless redirect_path == new_user_session_path + store_location_for(:redirect, redirect_path) + end + end def authenticate_with_two_factor user = self.resource = find_user |