Allow a user to sign out when on the terms page

Before we would block the `sign_out` request when the user did not accept the terms, therefore redirecting them to the terms again. By allowing all request to devise controllers, we avoid this problem.
2018-05-10 11:35:02 +02:00 · 2018-05-10 11:35:02 +02:00 · a5cb2fe2e0
commit a5cb2fe2e0
parent 35816eb7be
2 changed files with 25 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -13,8 +13,7 @@ class ApplicationController < ActionController::Base

  before_action :authenticate_sessionless_user!
  before_action :authenticate_user!
-  before_action :enforce_terms!, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms },
-                                 unless: :peek_request?
+  before_action :enforce_terms!, if: :should_enforce_terms?
  before_action :validate_user_service_ticket!
  before_action :check_password_expiration
  before_action :ldap_security_check
@ -373,4 +372,10 @@ class ApplicationController < ActionController::Base
  def peek_request?
    request.path.start_with?('/-/peek')
  end
+
+  def should_enforce_terms?
+    return false unless Gitlab::CurrentSettings.current_application_settings.enforce_terms
+
+    !(peek_request? || devise_controller?)
+  end
 end
--- a/spec/features/users/terms_spec.rb
+++ b/spec/features/users/terms_spec.rb
@ -81,4 +81,22 @@ describe 'Users > Terms' do
      expect(find_field('issue_description').value).to eq("We don't want to lose what the user typed")
    end
  end
+
+  context 'when the terms are enforced' do
+    before do
+      enforce_terms
+    end
+
+    context 'signing out', :js do
+      it 'allows the user to sign out without a response' do
+        visit terms_path
+
+        find('.header-user-dropdown-toggle').click
+        click_link('Sign out')
+
+        expect(page).to have_content('Sign in')
+        expect(page).to have_content('Register')
+      end
+    end
+  end
 end