Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42

1 files changed, 15 insertions, 10 deletions

diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index 48daacc09c2..7ec9be6baaf 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -20,16 +20,21 @@ module SessionlessAuthentication
   end
 
   def sessionless_sign_in(user)
-    if user.can_log_in_with_non_expired_password?
-      # Notice we are passing store false, so the user is not
-      # actually stored in the session and a token is needed
-      # for every request. If you want the token to work as a
-      # sign in token, you can simply remove store: false.
-      sign_in(user, store: false, message: :sessionless_sign_in)
-    elsif request_authenticator.can_sign_in_bot?(user)
-      # we suppress callbacks to avoid redirecting the bot
-      sign_in(user, store: false, message: :sessionless_sign_in, run_callbacks: false)
-    end
+    signed_in_user =
+      if user.can_log_in_with_non_expired_password?
+        # Notice we are passing store false, so the user is not
+        # actually stored in the session and a token is needed
+        # for every request. If you want the token to work as a
+        # sign in token, you can simply remove store: false.
+        sign_in(user, store: false, message: :sessionless_sign_in)
+      elsif request_authenticator.can_sign_in_bot?(user)
+        # we suppress callbacks to avoid redirecting the bot
+        sign_in(user, store: false, message: :sessionless_sign_in, run_callbacks: false)
+      end
+
+    reset_auth_user! if respond_to?(:reset_auth_user!, true)
+
+    signed_in_user
   end
 
   def sessionless_bypass_admin_mode!(&block)