From 1f1882368710a0c093ec9c2f036e87d28d8c5b3b Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Fri, 1 Feb 2019 13:18:41 -0800
Subject: Downcase aliased OAuth2 callback providers

Users may specify an OAuth2 callback with a custom name, such as AWSCognito, but Rails will reject this with the following message:
```
'import/AWSCognito' is not a supported controller name. This can lead to potential routing problems. See http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use
```
To avoid these errors, we can just downcase all the provider names. Note that this will make it impossible to specify a duplicate name with different cases.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57156
---
 changelogs/unreleased/sh-fix-oauth2-callback-caps.yml | 5 +++++
 config/routes/import.rb | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
diff --git a/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml b/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
new file mode 100644
index 00000000000..8d17900cb79
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
@@ -0,0 +1,5 @@
+---
+title: Downcase aliased OAuth2 callback providers
+merge_request: 24877
+author:
+type: fixed
diff --git a/config/routes/import.rb b/config/routes/import.rb
index 69df82611f2..da5c31d0062 100644
--- a/config/routes/import.rb
+++ b/config/routes/import.rb
@@ -1,7 +1,7 @@
 # Alias import callbacks under the /users/auth endpoint so that
 # the OAuth2 callback URL can be restricted under http://example.com/users/auth
 # instead of http://example.com.
-Devise.omniauth_providers.each do |provider|
+Devise.omniauth_providers.map(&:downcase).each do |provider|
 next if provider == 'ldapmain'
 get "/users/auth/-/import/#{provider}/callback", to: "import/#{provider}#callback", as: "users_import_#{provider}_callback"
-- 
cgit v1.2.1
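Review bot: Nothing in the loop in config/routes/import.rb handles two provider names that differ only in case, a limitation the commit message acknowledges but the code leaves implicit. After `.map(&:downcase)` both names would yield the same path and the same `as: "users_import_#{provider}_callback"` name, so the clash would presumably surface only as a duplicate-route error when the routes load, with no hint about which provider settings caused it. Either reject such a configuration with a clear message where the providers are validated, or at least document the constraint above the loop, e.g. `# Provider names are downcased for routing; they must be unique case-insensitively.` It is also worth confirming outside this hunk that whatever builds the redirect URI handed to the identity provider uses the same downcased name, since redirect-URI matching is normally exact. The block's closing `end` is outside the hunk.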