Downcase aliased OAuth2 callback providers

Users may specify an OAuth2 callback with a custom name, such as AWSCognito, but Rails will reject this with the following message: ``` 'import/AWSCognito' is not a supported controller name. This can lead to potential routing problems. See http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use ``` To avoid these errors, we can just downcase all the provider names. Note that this will make it impossible to specify a duplicate name with different cases. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57156
2019-02-01 13:18:41 -08:00 · 2019-02-01 13:18:41 -08:00 · 1f18823687
parent dd26a9addc
commit 1f18823687
2 changed files with 6 additions and 1 deletions
--- a/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
+++ b/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
@ -0,0 +1,5 @@
+---
+title: Downcase aliased OAuth2 callback providers
+merge_request: 24877
+author:
+type: fixed
--- a/config/routes/import.rb
+++ b/config/routes/import.rb
@ -1,7 +1,7 @@
 # Alias import callbacks under the /users/auth endpoint so that
 # the OAuth2 callback URL can be restricted under http://example.com/users/auth
 # instead of http://example.com.
-Devise.omniauth_providers.each do |provider|
+Devise.omniauth_providers.map(&:downcase).each do |provider|
  next if provider == 'ldapmain'

  get "/users/auth/-/import/#{provider}/callback", to: "import/#{provider}#callback", as: "users_import_#{provider}_callback"