Diffstat (limited to 'app/controllers/admin/sessions_controller.rb')
-rw-r--r-- | app/controllers/admin/sessions_controller.rb | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb
index 1f946e41995..f9587655a8d 100644
--- a/app/controllers/admin/sessions_controller.rb
+++ b/app/controllers/admin/sessions_controller.rb
@@ -6,17 +6,23 @@ class Admin::SessionsController < ApplicationController
   before_action :user_is_admin!
 
   def new
-    # Renders a form in which the admin can enter their password
+    if current_user_mode.admin_mode?
+      redirect_to redirect_path, notice: _('Admin mode already enabled')
+    else
+      current_user_mode.request_admin_mode! unless current_user_mode.admin_mode_requested?
+      store_location_for(:redirect, redirect_path)
+    end
   end
 
   def create
     if current_user_mode.enable_admin_mode!(password: params[:password])
-      redirect_location = stored_location_for(:redirect) || admin_root_path
-      redirect_to safe_redirect_path(redirect_location)
+      redirect_to redirect_path, notice: _('Admin mode enabled')
     else
-      flash.now[:alert] = _('Invalid Login or password')
+      flash.now[:alert] = _('Invalid login or password')
       render :new
     end
+  rescue Gitlab::Auth::CurrentUserMode::NotRequestedError
+    redirect_to new_admin_session_path, alert: _('Re-authentication period expired or never requested. Please try again')
   end
 
   def destroy
@@ -30,4 +36,19 @@ class Admin::SessionsController < ApplicationController
   def user_is_admin!
     render_404 unless current_user&.admin?
   end
+
+  def redirect_path
+    redirect_to_path = safe_redirect_path(stored_location_for(:redirect)) || safe_redirect_path_for_url(request.referer)
+
+    if redirect_to_path &&
+        excluded_redirect_paths.none? { |excluded| redirect_to_path.include?(excluded) }
+      redirect_to_path
+    else
+      admin_root_path
+    end
+  end
+
+  def excluded_redirect_paths
+    [new_admin_session_path, admin_session_path]
+  end
 end
|
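Review bot: The rewritten `new` action drops the only comment the method had and now does two non-obvious things on a GET — it starts the admin-mode request window and it re-stores the return location — and neither is documented; the sequencing matters because `redirect_path` reads the stored location before `store_location_for` writes it back. I would add above the `else` branch: `# Start the re-authentication window, then (re)store where to return after a successful password check; redirect_path consumes the stored location, so it must be written back here.` It would also help to state in a one-line comment on `rescue Gitlab::Auth::CurrentUserMode::NotRequestedError` that this covers a password submission that arrives after the request window expired or without `new` having been visited, which is what the flash text implies. Whether `stored_location_for` is Devise's consume-on-read helper is inferred from the name, not visible here, so the comment should be confirmed against the helper's definition.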
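Review bot: In `redirect_path` the loop guard `redirect_to_path.include?(excluded)` is a substring test over the whole location, so any stored path or referer whose query string or a later segment merely contains `/admin/session` is discarded in favour of `admin_root_path`, while the intent (never bounce back into the login flow itself) is a match on the path component; `excluded_redirect_paths.none? { |excluded| redirect_to_path.start_with?(excluded) }` expresses that and also removes the need to list `new_admin_session_path` separately, since it is a prefix extension of `admin_session_path`. The fallback to `request.referer` is a client-supplied header, so the safety of this method rests entirely on `safe_redirect_path_for_url` rejecting off-host URLs; that helper is defined outside this diff, and a comment on the first line of `redirect_path` should say so, e.g. `# Precedence: stored location, then referer (both host-validated by the safe_redirect_* helpers), then admin root.` The `excluded_redirect_paths` helper rebuilds the same two route strings on every call; freezing the result or memoizing it is a small style improvement.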