Users may specify an OAuth2 callback with a custom name, such as
AWSCognito, but Rails will reject this with the following message:
```
'import/AWSCognito' is not a supported controller name. This can
lead to potential routing problems. See
http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use
```
To avoid these errors, we can just downcase all the provider names.
Note that this will make it impossible to specify a duplicate name with
different cases.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57156
To prevent an OAuth2 covert redirect vulnerability, this commit adds and
uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
following paths:
GitHub: /users/auth/-/import/github
Bitbucket: /users/auth/-/import/bitbucket
This allows admins to put a more restrictive callback URL in the OAuth2
configuration settings. Instead of https://example.com, admins can now use:
https://example.com/users/auth
It's possible but not trivial to change Devise and OmniAuth to use a
different prefix for callback URLs instead of /users/auth. For now,
aliasing the import URLs under the /users/auth namespace should suffice.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
It allows user to automatically import multiple repositories
with nested structure by uploading a manifest xml file.
AOSP project was used as an example during development of this feature.
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
