Add latest changes from gitlab-org/security/gitlab@13-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-10-01 01:02:13 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-10-01 01:02:13 +0300
commit: 516fba52cf280b9d5bad08dce9f0150f859b6cea (patch)
tree: 4dad71be856651af62c9a281b01087ae15480810 /lib
parent: c90be62bdefdb6bb67c73a9c4a6d164c9f78a28d (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 46b69214877..bf5044b4832 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -54,8 +54,10 @@ module API
         user = find_user_from_sources
         return unless user
 
-        # Sessions are enforced to be unavailable for API calls, so ignore them for admin mode
-        Gitlab::Auth::CurrentUserMode.bypass_session!(user.id) if Feature.enabled?(:user_mode_in_session)
+        if user.is_a?(User) && Feature.enabled?(:user_mode_in_session)
+          # Sessions are enforced to be unavailable for API calls, so ignore them for admin mode
+          Gitlab::Auth::CurrentUserMode.bypass_session!(user.id)
+        end
 
         unless api_access_allowed?(user)
           forbidden!(api_access_denied_message(user))
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-10-01 01:02:13 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-10-01 01:02:13 +0300
commit	516fba52cf280b9d5bad08dce9f0150f859b6cea (patch)
tree	4dad71be856651af62c9a281b01087ae15480810 /lib
parent	c90be62bdefdb6bb67c73a9c4a6d164c9f78a28d (diff)