diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index fc9ed209ef8..e148e571a1c 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -40,6 +40,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController def saml omniauth_flow(Gitlab::Auth::Saml) + rescue Gitlab::Auth::Saml::IdentityLinker::UnverifiedRequest + redirect_unverified_saml_initiation end def omniauth_error @@ -92,8 +94,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController return render_403 unless link_provider_allowed?(oauth['provider']) log_audit_event(current_user, with: oauth['provider']) - - identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth) + identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth, session) link_identity(identity_linker) @@ -194,6 +195,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController redirect_to new_user_session_path end + def redirect_unverified_saml_initiation + redirect_to profile_account_path, notice: _('Request to link SAML account must be authorized') + end + def handle_disabled_provider label = Gitlab::Auth::OAuth::Provider.label_for(oauth['provider']) flash[:alert] = _("Signing in using %{label} has been disabled") % { label: label } |