diff options
author | Robert Speicher <robert@gitlab.com> | 2017-07-25 01:42:52 +0300 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2017-07-25 01:42:52 +0300 |
commit | d964816b9fe56679ffc0b331e701f7b24db5c6a9 (patch) | |
tree | 9771bdc047c58f8b4cf4151285e49f19a45b2ca2 /app | |
parent | 6536c990f0148ac9d3c82734046f22e3006fab4a (diff) | |
parent | fa9adb6599ae20c8522c92c9a0d670633fe3d5b0 (diff) |
Merge branch 'bvl-fix-login-issue-with-ldap-enabled' into 'master'
Load the sessionscontroller after loading the ldap strategies
Closes #35447
See merge request !13049
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/sessions_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 0e8a57f8e03..69513f4dadc 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -5,6 +5,14 @@ class SessionsController < Devise::SessionsController skip_before_action :check_two_factor_requirement, only: [:destroy] + # Explicitly call protect from forgery before anything else. Otherwise the + # CSFR-token might be cleared before authentication is done. This was the case + # when LDAP was enabled and the `OmniauthCallbacksController` is loaded + # + # *Note:* `prepend: true` is the default for rails4, but this will be changed + # to `prepend: false` in rails5. + protect_from_forgery prepend: true, with: :exception + prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] |