Merge branch 'rs-issue-12944' into 'master'

Use a custom Devise failure app to handle unauthenticated .zip requests Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944 See merge request !2828
author: Douwe Maan <douwe@gitlab.com> 2016-03-12 01:34:33 +0300
committer: Douwe Maan <douwe@gitlab.com> 2016-03-12 01:34:33 +0300
commit: cb81c8a5efd54586a19cbeeb69c7572b58dc1a81 (patch)
tree: 6f18f4682bc472938f214bad831da48eaf941e04 /lib
parent: 70bf6dc702b6354c3a00d0b81e7d7c10be25ffb8 (diff)
parent: 5844a21a0acae08a19fa82984dcc0feb1b8777c5 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/gitlab/devise_failure.rb b/lib/gitlab/devise_failure.rb
new file mode 100644
index 00000000000..a78fde9d782
--- /dev/null
+++ b/lib/gitlab/devise_failure.rb
@@ -0,0 +1,23 @@
+module Gitlab
+  class DeviseFailure < Devise::FailureApp
+    protected
+
+    # Override `Devise::FailureApp#request_format` to handle a special case
+    #
+    # This tells Devise to handle an unauthenticated `.zip` request as an HTML
+    # request (i.e., redirect to sign in).
+    #
+    # Otherwise, Devise would respond with a 401 Unauthorized with
+    # `Content-Type: application/zip` and a response body in plaintext, and the
+    # browser would freak out.
+    #
+    # See https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
+    def request_format
+      if request.format == :zip
+        Mime::Type.lookup_by_extension(:html).ref
+      else
+        super
+      end
+    end
+  end
+end
author	Douwe Maan <douwe@gitlab.com>	2016-03-12 01:34:33 +0300
committer	Douwe Maan <douwe@gitlab.com>	2016-03-12 01:34:33 +0300
commit	cb81c8a5efd54586a19cbeeb69c7572b58dc1a81 (patch)
tree	6f18f4682bc472938f214bad831da48eaf941e04 /lib
parent	70bf6dc702b6354c3a00d0b81e7d7c10be25ffb8 (diff)
parent	5844a21a0acae08a19fa82984dcc0feb1b8777c5 (diff)