Commit 62848d57 authored by Jarka Košanová's avatar Jarka Košanová

Merge branch 'sh-fix-500-error-unconfirmed-user' into 'master'

Fix 500 error when unconfirmed user with 2FA logs in with OAuth2

Closes #232611

See merge request gitlab-org/gitlab!38104
parents 85417741 f2883f40
...@@ -33,9 +33,7 @@ module AuthenticatesWithTwoFactor ...@@ -33,9 +33,7 @@ module AuthenticatesWithTwoFactor
end end
def locked_user_redirect(user) def locked_user_redirect(user)
flash.now[:alert] = locked_user_redirect_alert(user) redirect_to new_user_session_path, alert: locked_user_redirect_alert(user)
render 'devise/sessions/new'
end end
def authenticate_with_two_factor def authenticate_with_two_factor
...@@ -54,7 +52,13 @@ module AuthenticatesWithTwoFactor ...@@ -54,7 +52,13 @@ module AuthenticatesWithTwoFactor
private private
def locked_user_redirect_alert(user) def locked_user_redirect_alert(user)
user.access_locked? ? _('Your account is locked.') : _('Invalid Login or password') if user.access_locked?
_('Your account is locked.')
elsif !user.confirmed?
I18n.t('devise.failure.unconfirmed')
else
_('Invalid Login or password')
end
end end
def clear_two_factor_attempt! def clear_two_factor_attempt!
......
---
title: Fix 500 error when unconfirmed OAuth2 user with 2FA logs in
merge_request: 38104
author:
type: fixed
...@@ -181,6 +181,23 @@ RSpec.describe OmniauthCallbacksController, type: :controller do ...@@ -181,6 +181,23 @@ RSpec.describe OmniauthCallbacksController, type: :controller do
end end
end end
context 'when user with 2FA is unconfirmed' do
render_views
let(:user) { create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: provider) }
before do
user.update_column(:confirmed_at, nil)
end
it 'redirects to login page' do
post provider
expect(response).to redirect_to(new_user_session_path)
expect(flash[:alert]).to match(/You have to confirm your email address before continuing./)
end
end
context 'sign up' do context 'sign up' do
include_context 'sign_up' include_context 'sign_up'
......
...@@ -399,7 +399,7 @@ RSpec.describe SessionsController do ...@@ -399,7 +399,7 @@ RSpec.describe SessionsController do
end end
it 'warns about invalid login' do it 'warns about invalid login' do
expect(response).to set_flash.now[:alert].to /Your account is locked./ expect(flash[:alert]).to eq('Your account is locked.')
end end
it 'locks the user' do it 'locks the user' do
...@@ -409,7 +409,7 @@ RSpec.describe SessionsController do ...@@ -409,7 +409,7 @@ RSpec.describe SessionsController do
it 'keeps the user locked on future login attempts' do it 'keeps the user locked on future login attempts' do
post(:create, params: { user: { login: user.username, password: user.password } }) post(:create, params: { user: { login: user.username, password: user.password } })
expect(response).to set_flash.now[:alert].to /Your account is locked./ expect(flash[:alert]).to eq('Your account is locked.')
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment