Commit 8f7fc44b authored by Douwe Maan's avatar Douwe Maan

Merge branch 'mabes/gitlab-ce-bypass-auto-login' into 'master'

Allow manual bypass of auto_sign_in_with_provider

Closes #3786

See merge request !11884
parents 3c63ac4c 9326d896
......@@ -90,7 +90,7 @@ class SessionsController < Devise::SessionsController
# Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully.
unless redirect_path == new_user_session_path
unless URI(redirect_path).path == new_user_session_path
store_location_for(:redirect, redirect_path)
end
end
......@@ -103,6 +103,10 @@ class SessionsController < Devise::SessionsController
provider = Gitlab.config.omniauth.auto_sign_in_with_provider
return unless provider.present?
# If a "auto_sign_in" query parameter is set to a falsy value, don't auto sign-in.
# Otherwise, the default is to auto sign-in.
return if Gitlab::Utils.to_boolean(params[:auto_sign_in]) == false
# Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is
# registered or no alert at all. In case of another alert (such as a blocked user), it is safer
# to do nothing to prevent redirection loops with certain Omniauth providers.
......
---
title: Allow manual bypass of auto_sign_in_with_provider with a new param
merge_request: 10187
author: Maxime Besson
......@@ -201,6 +201,9 @@ Please keep in mind that every sign in attempt will be redirected to the SAML se
so you will not be able to sign in using local credentials. Make sure that at least one
of the SAML users has admin permissions.
You may also bypass the auto signin feature by browsing to
https://gitlab.example.com/users/sign_in?auto_sign_in=false.
### `attribute_statements`
>**Note:**
......
require 'spec_helper'
describe SessionsController do
describe '#new' do
before do
@request.env['devise.mapping'] = Devise.mappings[:user]
end
context 'when auto sign-in is enabled' do
before do
stub_omniauth_setting(auto_sign_in_with_provider: :saml)
allow(controller).to receive(:omniauth_authorize_path).with(:user, :saml).
and_return('/saml')
end
context 'and no auto_sign_in param is passed' do
it 'redirects to :omniauth_authorize_path' do
get(:new)
expect(response).to have_http_status(302)
expect(response).to redirect_to('/saml')
end
end
context 'and auto_sign_in=false param is passed' do
it 'responds with 200' do
get(:new, auto_sign_in: 'false')
expect(response).to have_http_status(200)
end
end
end
end
describe '#create' do
before do
@request.env['devise.mapping'] = Devise.mappings[:user]
......
......@@ -186,7 +186,7 @@ describe Projects::ImportService, services: true do
}
)
allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
stub_omniauth_setting(providers: [provider])
end
end
end
......@@ -28,6 +28,6 @@ module ImportSpecHelper
app_id: 'asd123',
app_secret: 'asd123'
)
allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
stub_omniauth_setting(providers: [provider])
end
end
......@@ -25,6 +25,10 @@ module StubConfiguration
allow(Gitlab.config.mattermost).to receive_messages(messages)
end
def stub_omniauth_setting(messages)
allow(Gitlab.config.omniauth).to receive_messages(messages)
end
private
# Modifies stubbed messages to also stub possible predicate versions
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment