Fix logins via OAuth2 geting logged out in an hour
Users without GitLab 2FA enabled would be logged out after an hour due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700. The OAuth2 controller sets the current_user after the controller is finished, so we should only limit session times after this has been done. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210
parent
a3c2b39d10
commit
a7e2f96b59
|
@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base
|
||||||
include EnforcesTwoFactorAuthentication
|
include EnforcesTwoFactorAuthentication
|
||||||
include WithPerformanceBar
|
include WithPerformanceBar
|
||||||
|
|
||||||
before_action :limit_unauthenticated_session_times
|
|
||||||
before_action :authenticate_sessionless_user!
|
before_action :authenticate_sessionless_user!
|
||||||
before_action :authenticate_user!
|
before_action :authenticate_user!
|
||||||
before_action :enforce_terms!, if: :should_enforce_terms?
|
before_action :enforce_terms!, if: :should_enforce_terms?
|
||||||
|
@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base
|
||||||
around_action :set_locale
|
around_action :set_locale
|
||||||
|
|
||||||
after_action :set_page_title_header, if: :json_request?
|
after_action :set_page_title_header, if: :json_request?
|
||||||
|
after_action :limit_unauthenticated_session_times
|
||||||
|
|
||||||
protect_from_forgery with: :exception, prepend: true
|
protect_from_forgery with: :exception, prepend: true
|
||||||
|
|
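Review bot: Registering `limit_unauthenticated_session_times` as an `after_action` (second hunk) means it will not run when an earlier `before_action` halts the request, because Rails skips after callbacks once the chain is terminated by a render or redirect. A visitor whom `authenticate_user!` redirects to sign-in would then keep the default session lifetime, and that anonymous traffic appears to be what the limit was meant to cover. The spec's need for `skip_before_action :authenticate_user!, only: :index` points the same way. The method body is outside the hunk, so this needs confirming; a spec for the halted (redirect/401) path would show whether the short expiry is still applied. At minimum, add a comment above the callback such as `# Must run after the action: OAuth2 sets current_user late. Skipped when a before_action halts the request.`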
||||||
|
|
|
@ -162,6 +162,10 @@ describe ApplicationController do
|
||||||
|
|
||||||
describe 'session expiration' do
|
describe 'session expiration' do
|
||||||
controller(described_class) do
|
controller(described_class) do
|
||||||
|
# The anonymous controller will report 401 and fail to run any actions.
|
||||||
|
# Normally, GitLab will just redirect you to sign in.
|
||||||
|
skip_before_action :authenticate_user!, only: :index
|
||||||
|
|
||||||
def index
|
def index
|
||||||
render text: 'authenticated'
|
render text: 'authenticated'
|
||||||
end
|
end
|
||||||
|
|