3692e9f8a2
If the request wasn't initiated by GitLab, we shouldn't add the new identity to the user; instead, we show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
# frozen_string_literal: true
module OmniAuth
  module Strategies
    # GitLab patch of the omniauth-saml strategy: the request phase is
    # overridden so the outgoing AuthnRequest can be recorded in the session
    # before the browser is sent to the identity provider.
    class SAML
      extend ::Gitlab::Utils::Override

      # NOTE: This method duplicates code from omniauth-saml
      # so that we can access authn_request to store it
      # See: https://github.com/omniauth/omniauth-saml/issues/172
      #
      # Because the body is a copy, later upstream changes to request_phase
      # are not picked up automatically; re-check it when omniauth-saml is
      # upgraded.
      #
      # The origin is stored BEFORE the redirect is built. That ordering is
      # what lets later handling tell whether a SAML response answers a login
      # that GitLab itself started; a response GitLab did not initiate must
      # not be used to link a new identity to the user.
      override :request_phase
      def request_phase
        saml_request = OneLogin::RubySaml::Authrequest.new
        store_authn_request_id(saml_request)

        with_settings do |saml_settings|
          idp_redirect_url = saml_request.create(saml_settings, additional_params_for_authn_request)
          redirect(idp_redirect_url)
        end
      end

      private

      # Hands the AuthnRequest to the origin validator, which is bound to the
      # current session.
      #
      # NOTE(review): presumably the validator keeps the request ID in the
      # session (going by this method's name); confirm in
      # Gitlab::Auth::Saml::OriginValidator, which is not visible here.
      def store_authn_request_id(authn_request)
        origin_validator = Gitlab::Auth::Saml::OriginValidator.new(session)
        origin_validator.store_origin(authn_request)
      end
    end
  end
end