Commit e4eb5dce authored by Michael Kozono's avatar Michael Kozono

Merge branch '198289-unable-to-sign-out-from-secondary-geo-node' into 'master'

Allow users to sign-out on a read-only instance

See merge request gitlab-org/gitlab!23545
parents dec0c7a9 352abacf
---
title: Allow users to sign out on a read-only instance
merge_request: 23545
author:
type: fixed
...@@ -24,6 +24,10 @@ module Gitlab ...@@ -24,6 +24,10 @@ module Gitlab
'projects/compare' => %w{create} 'projects/compare' => %w{create}
}.freeze }.freeze
WHITELISTED_LOGOUT_ROUTES = {
'sessions' => %w{destroy}
}.freeze
GRAPHQL_URL = '/api/graphql' GRAPHQL_URL = '/api/graphql'
def initialize(app, env) def initialize(app, env)
...@@ -85,7 +89,7 @@ module Gitlab ...@@ -85,7 +89,7 @@ module Gitlab
# Overridden in EE module # Overridden in EE module
def whitelisted_routes def whitelisted_routes
grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || graphql_query? grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || logout_route? || graphql_query?
end end
def grack_route? def grack_route?
...@@ -118,6 +122,13 @@ module Gitlab ...@@ -118,6 +122,13 @@ module Gitlab
WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action]) WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
end end
def logout_route?
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return false unless request.post? && request.path.end_with?('/users/sign_out')
WHITELISTED_LOGOUT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
end
def sidekiq_route? def sidekiq_route?
request.path.start_with?("#{relative_url}/admin/sidekiq") request.path.start_with?("#{relative_url}/admin/sidekiq")
end end
......
...@@ -21,4 +21,16 @@ describe 'Logout/Sign out', :js do ...@@ -21,4 +21,16 @@ describe 'Logout/Sign out', :js do
expect(page).not_to have_selector('.flash-notice') expect(page).not_to have_selector('.flash-notice')
end end
context 'on a read-only instance' do
before do
allow(Gitlab::Database).to receive(:read_only?).and_return(true)
end
it 'sign out redirects to sign in page' do
gitlab_sign_out
expect(current_path).to eq new_user_session_path
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment