BigW Consortium Gitlab

Unverified Commit 9326d896 by Maxime Besson Committed by Rémy Coutable

Allow manual bypass of auto_sign_in_with_provider

This commit lets a user bypass the automatic signin on the login form, in order to login with a technical (admin, etc) account Closes #3786 Signed-off-by: 's avatarRémy Coutable <remy@rymai.me>
parent 1e8dbd46
......@@ -90,7 +90,7 @@ class SessionsController < Devise::SessionsController
# Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully.
unless redirect_path == new_user_session_path
unless URI(redirect_path).path == new_user_session_path
store_location_for(:redirect, redirect_path)
end
end
......@@ -103,6 +103,10 @@ class SessionsController < Devise::SessionsController
provider = Gitlab.config.omniauth.auto_sign_in_with_provider
return unless provider.present?
# If a "auto_sign_in" query parameter is set to a falsy value, don't auto sign-in.
# Otherwise, the default is to auto sign-in.
return if Gitlab::Utils.to_boolean(params[:auto_sign_in]) == false
# Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is
# registered or no alert at all. In case of another alert (such as a blocked user), it is safer
# to do nothing to prevent redirection loops with certain Omniauth providers.
......
---
title: Allow manual bypass of auto_sign_in_with_provider with a new param
merge_request: 10187
author: Maxime Besson
......@@ -201,6 +201,9 @@ Please keep in mind that every sign in attempt will be redirected to the SAML se
so you will not be able to sign in using local credentials. Make sure that at least one
of the SAML users has admin permissions.
You may also bypass the auto signin feature by browsing to
https://gitlab.example.com/users/sign_in?auto_sign_in=false.
### `attribute_statements`
>**Note:**
......
require 'spec_helper'
describe SessionsController do
describe '#new' do
before do
@request.env['devise.mapping'] = Devise.mappings[:user]
end
context 'when auto sign-in is enabled' do
before do
stub_omniauth_setting(auto_sign_in_with_provider: :saml)
allow(controller).to receive(:omniauth_authorize_path).with(:user, :saml).
and_return('/saml')
end
context 'and no auto_sign_in param is passed' do
it 'redirects to :omniauth_authorize_path' do
get(:new)
expect(response).to have_http_status(302)
expect(response).to redirect_to('/saml')
end
end
context 'and auto_sign_in=false param is passed' do
it 'responds with 200' do
get(:new, auto_sign_in: 'false')
expect(response).to have_http_status(200)
end
end
end
end
describe '#create' do
before do
@request.env['devise.mapping'] = Devise.mappings[:user]
......
......@@ -186,7 +186,7 @@ describe Projects::ImportService, services: true do
}
)
allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
stub_omniauth_setting(providers: [provider])
end
end
end
......@@ -28,6 +28,6 @@ module ImportSpecHelper
app_id: 'asd123',
app_secret: 'asd123'
)
allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
stub_omniauth_setting(providers: [provider])
end
end
......@@ -25,6 +25,10 @@ module StubConfiguration
allow(Gitlab.config.mattermost).to receive_messages(messages)
end
def stub_omniauth_setting(messages)
allow(Gitlab.config.omniauth).to receive_messages(messages)
end
private
# Modifies stubbed messages to also stub possible predicate versions
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment