summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--spec/controllers/application_controller_spec.rb4
2 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 05ed3669a41..e5b38898a67 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base
include EnforcesTwoFactorAuthentication
include WithPerformanceBar
- before_action :limit_unauthenticated_session_times
before_action :authenticate_sessionless_user!
before_action :authenticate_user!
before_action :enforce_terms!, if: :should_enforce_terms?
@@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base
around_action :set_locale
after_action :set_page_title_header, if: :json_request?
+ after_action :limit_unauthenticated_session_times
protect_from_forgery with: :exception, prepend: true
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 421ab006792..fbf116e533b 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -162,6 +162,10 @@ describe ApplicationController do
describe 'session expiration' do
controller(described_class) do
+ # The anonymous controller will report 401 and fail to run any actions.
+ # Normally, GitLab will just redirect you to sign in.
+ skip_before_action :authenticate_user!, only: :index
+
def index
render text: 'authenticated'
end