Use a custom Devise failure app to handle unauthenticated .zip requests

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
author: Robert Speicher <rspeicher@gmail.com> 2016-02-16 05:17:20 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2016-03-09 07:49:30 +0300
commit: 5844a21a0acae08a19fa82984dcc0feb1b8777c5 (patch)
tree: aff41f83b11c676df2c3a64950196c994a183151 /lib/gitlab/devise_failure.rb
parent: e8cd04e831a2db36c4029f2c193fc40d2568c79e (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/gitlab/devise_failure.rb b/lib/gitlab/devise_failure.rb
new file mode 100644
index 00000000000..a78fde9d782
--- /dev/null
+++ b/lib/gitlab/devise_failure.rb
@@ -0,0 +1,23 @@
+module Gitlab
+  class DeviseFailure < Devise::FailureApp
+    protected
+
+    # Override `Devise::FailureApp#request_format` to handle a special case
+    #
+    # This tells Devise to handle an unauthenticated `.zip` request as an HTML
+    # request (i.e., redirect to sign in).
+    #
+    # Otherwise, Devise would respond with a 401 Unauthorized with
+    # `Content-Type: application/zip` and a response body in plaintext, and the
+    # browser would freak out.
+    #
+    # See https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
+    def request_format
+      if request.format == :zip
+        Mime::Type.lookup_by_extension(:html).ref
+      else
+        super
+      end
+    end
+  end
+end
author	Robert Speicher <rspeicher@gmail.com>	2016-02-16 05:17:20 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2016-03-09 07:49:30 +0300
commit	5844a21a0acae08a19fa82984dcc0feb1b8777c5 (patch)
tree	aff41f83b11c676df2c3a64950196c994a183151 /lib/gitlab/devise_failure.rb
parent	e8cd04e831a2db36c4029f2c193fc40d2568c79e (diff)