Fix logins via OAuth2 geting logged out in an hour
Users without GitLab 2FA enabled would be logged out after an hour due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700. The OAuth2 controller sets the current_user after the controller is finished, so we should only limit session times after this has been done. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210
parent
a3c2b39d10
commit
a7e2f96b59
|
@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base
|
|||
include EnforcesTwoFactorAuthentication
|
||||
include WithPerformanceBar
|
||||
|
||||
before_action :limit_unauthenticated_session_times
|
||||
before_action :authenticate_sessionless_user!
|
||||
before_action :authenticate_user!
|
||||
before_action :enforce_terms!, if: :should_enforce_terms?
|
||||
|
@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base
|
|||
around_action :set_locale
|
||||
|
||||
after_action :set_page_title_header, if: :json_request?
|
||||
after_action :limit_unauthenticated_session_times
|
||||
|
||||
protect_from_forgery with: :exception, prepend: true
|
||||
|
||||
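Review bot: The `after_action :limit_unauthenticated_session_times` line in the second hunk no longer runs on every request, because Rails skips after callbacks when a `before_action` halts the chain by rendering or redirecting, and when the action raises. An anonymous visitor who is redirected to sign in by `authenticate_user!` would therefore presumably keep the default session lifetime, which looks like the case the limit was meant to cover; the method body is outside the hunk, so this should be confirmed against it. I would document the trade-off above the callback, for example `# after_action: OAuth2 sets current_user during the action; not run when a before_action halts the chain`. I would also add a spec for an unauthenticated request that `authenticate_user!` rejects, asserting the expected session expiry. The class body starts and ends outside both hunks.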
|
|
|
@ -162,6 +162,10 @@ describe ApplicationController do
|
|||
|
||||
describe 'session expiration' do
|
||||
controller(described_class) do
|
||||
# The anonymous controller will report 401 and fail to run any actions.
|
||||
# Normally, GitLab will just redirect you to sign in.
|
||||
skip_before_action :authenticate_user!, only: :index
|
||||
|
||||
def index
|
||||
render text: 'authenticated'
|
||||
end
|
||||
|
|