Make OpenID Connect work without requiring a name

If there is no name argument given, OmniAuth will try to guess the name by the class name. In https://github.com/omniauth/omniauth/blob/v1.9.0/lib/omniauth/strategy.rb#L139, `OmniAuth::Strategies::OpenIDConnect` gets translated to `openidconnect`. This leads to an immediate 404 error after clicking the login button because OmniAuth can't match the current route (/users/auth/openid_connect) against the expected one (/users/auth/openidconnect). Other providers, such as Google OAuth2, set this name as the default option within the OmniAuth Strategy. Until a fix is merged upstream, let's just set the parameter ourselves. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62208

Make OpenID Connect work without requiring a name
If there is no name argument given, OmniAuth will try to guess the name by the class name. In https://github.com/omniauth/omniauth/blob/v1.9.0/lib/omniauth/strategy.rb#L139, `OmniAuth::Strategies::OpenIDConnect` gets translated to `openidconnect`. This leads to an immediate 404 error after clicking the login button because OmniAuth can't match the current route (/users/auth/openid_connect) against the expected one (/users/auth/openidconnect). Other providers, such as Google OAuth2, set this name as the default option within the OmniAuth Strategy. Until a fix is merged upstream, let's just set the parameter ourselves. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62208
a30d8e4a · Stan Hu · 40a9d054 · a30d8e4a · a30d8e4a · a30d8e4a
Commit a30d8e4a authored Jun 06, 2019 by Stan Hu
3 changed files
--- a/changelogs/unreleased/sh-fix-openid-connect-defaults.yml
+++ b/changelogs/unreleased/sh-fix-openid-connect-defaults.yml
+---
+title: Make OpenID Connect work without requiring a name
+merge_request: 29312
+author:
+type: fixed
--- a/lib/gitlab/omniauth_initializer.rb
+++ b/lib/gitlab/omniauth_initializer.rb
@@ -63,6 +63,12 @@ module Gitlab
        { remote_sign_out_handler: authentiq_signout_handler }
      when 'shibboleth'
        { fail_with_empty_uid: true }
+      when 'openid_connect'
+        # If a name argument is omitted, OmniAuth will expect that the
+        # matching route is /auth/users/openidconnect instead of
+        # /auth/users/openid_connect because of
+        # https://gitlab.com/gitlab-org/gitlab-ce/issues/62208#note_178780341.
+        { name: 'openid_connect' }
      else
        {}
      end

--- a/spec/lib/gitlab/omniauth_initializer_spec.rb
+++ b/spec/lib/gitlab/omniauth_initializer_spec.rb
@@ -83,5 +83,13 @@ describe Gitlab::OmniauthInitializer do

      subject.execute([cas3_config])
    end
+
+    it 'configures name for openid_connect' do
+      openid_connect_config = { 'name' => 'openid_connect', 'args' => {} }
+
+      expect(devise_config).to receive(:omniauth).with(:openid_connect, name: 'openid_connect')
+
+      subject.execute([openid_connect_config])
+    end
  end
 end