• Bob Van Landuyt's avatar
    Fix infinite loop on saml login of a blocked user · 00a4831d
    Bob Van Landuyt authored
    When a blocked user tries to log in they are immediately signed out
    again.
    
    This in turn calls the `before_logout` callback in Warden. In that
    callback we try to log the activity for the blocked user in the
    `BlockedUserTracker`:
    https://gitlab.com/gitlab-org/gitlab/blob/e30d909d3f19511742d218da0b4bd2cecca8b7a2/config/initializers/warden.rb#L60
    
    If a `SystemHook` was configured, this would also mean scheduling a
    job. Scheduling a job tries to get the current user from the
    context. For the `OmniAuthCallbacksController` this would call
    `current_user` which would try to sign the user in again.
    
    The `OmniauthCallbacksController` is an `ApplicationController`, which has
    a `#context_user` method that uses `#auth_user` which also exposes
    `#current_user`, but it has a safeguard to not call current user
    multiple times.
    
    Instead of trying to fetch it again for the omniauth sign in
    request. We push it into the context when the sign in was valid.
    
    Changelog: fixed
    00a4831d
omniauth_callbacks_controller_spec.rb 18.6 KB