Commit d33c74e5 authored by Alex Buijs's avatar Alex Buijs

Fix redirect loop on .com when 2FA is required

When signing up on GitLab.com and 2FA is
required from the group, the
required_signup_info and
check_two_factor_requirement before_actions
would cause an infinite loop.
parent 80bd2ca8
...@@ -8,7 +8,7 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -8,7 +8,7 @@ class RegistrationsController < Devise::RegistrationsController
layout :choose_layout layout :choose_layout
skip_before_action :required_signup_info, only: [:welcome, :update_registration] skip_before_action :required_signup_info, :check_two_factor_requirement, only: [:welcome, :update_registration]
prepend_before_action :check_captcha, only: :create prepend_before_action :check_captcha, only: :create
before_action :whitelist_query_limiting, only: [:destroy] before_action :whitelist_query_limiting, only: [:destroy]
before_action :ensure_terms_accepted, before_action :ensure_terms_accepted,
......
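Review bot: Appending `:check_two_factor_requirement` to the existing `skip_before_action` call ties the 2FA exemption to the same `only:` list as `required_signup_info`, so any action later added to that list would also skip group-enforced 2FA without anyone deciding that. A separate line, `skip_before_action :check_two_factor_requirement, only: [:welcome, :update_registration]`, preceded by a comment such as `# 2FA setup is deferred until signup info is collected; running both filters caused a redirect loop`, would keep the exemption explicit and reviewable. It is also worth confirming that the destination `update_registration` redirects to on success still runs `check_two_factor_requirement`, since that is not visible here; the class body continues outside the hunk.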
---
title: Fix redirect loop on .com when 2FA is required
merge_request: 31229
author:
type: fixed
...@@ -419,24 +419,34 @@ describe RegistrationsController do ...@@ -419,24 +419,34 @@ describe RegistrationsController do
describe '#welcome' do describe '#welcome' do
subject { get :welcome } subject { get :welcome }
before do
sign_in(create(:user))
end
context 'signup_flow experiment enabled' do context 'signup_flow experiment enabled' do
before do before do
stub_experiment_for_user(signup_flow: true) stub_experiment_for_user(signup_flow: true)
end end
it 'renders the devise_experimental_separate_sign_up_flow layout' do it 'renders the devise_experimental_separate_sign_up_flow layout' do
sign_in(create(:user))
expected_layout = Gitlab.ee? ? :checkout : :devise_experimental_separate_sign_up_flow expected_layout = Gitlab.ee? ? :checkout : :devise_experimental_separate_sign_up_flow
expect(subject).to render_template(expected_layout) expect(subject).to render_template(expected_layout)
end end
context '2FA is required from group' do
before do
user = create(:user, require_two_factor_authentication_from_group: true)
sign_in(user)
end
it 'does not perform a redirect' do
expect(subject).not_to redirect_to(profile_two_factor_auth_path)
end
end
end end
context 'signup_flow experiment disabled' do context 'signup_flow experiment disabled' do
before do before do
sign_in(create(:user))
stub_experiment_for_user(signup_flow: false) stub_experiment_for_user(signup_flow: false)
end end
......
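Review bot: The new '2FA is required from group' example exercises only `get :welcome`, while the controller change also exempts `update_registration`, and its negative assertion `not_to redirect_to(profile_two_factor_auth_path)` would still pass if the request redirected somewhere else or failed. Asserting the positive outcome the way the sibling example does, `expect(subject).to render_template(expected_layout)`, and repeating the context for `update_registration` (its examples are not visible in this hunk) would pin the intended behaviour. A counterpart example showing that the same user is still redirected to `profile_two_factor_auth_path` on an action outside the skip list would guard against the exemption widening later. The `describe '#welcome'` block continues past the end of the hunk.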