Commit 247609a3 authored by Stan Hu's avatar Stan Hu

Merge branch 'fix-oauth-redirection' into 'master'

Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in

### What does this MR do?

This MR fixes a bug when GitLab is used as an OAuth provider (e.g. to GitLab CI) where the user is not redirected back to the original URI after a successful sign-in. This MR tweaks the Doorkeeper configuration to set the `user_return_to` Devise session variable, as mentioned in this [Stack Overflow](http://stackoverflow.com/questions/14504739/how-to-use-both-devise-and-doorkeeper-gems) post.

### Why was this MR needed?

If you attempt to "Login via GitLab" from GitLab CI and aren't logged out completely, GitLab asks for your username and password. After you login, you get directed to the GitLab dashboard instead of back to GitLab CI. It's easy to reproduce:

1. Set up a GitLab CI and GitLab instance (e.g. ci.gitlab.com, gitlab.com).
2. Start an Incognito Window so that you are logged out of GitLab CI and GitLab.
3. Go to the GitLab CI instance. Click the "Login with GitLab".
4. Enter in your credentials.
5. Watch your browser login to GitLab and not return to GitLab CI.

### What are the relevant issue numbers?

Closes #1612

See merge request !998
parents 2940263a 19163f84
Please view this file on the master branch, on stable branches it's out of date.
v 7.14.0 (unreleased)
- Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
- Fix file upload dialog for comment editing (Daniel Gerhardt)
- Expire Rails cache entries after two weeks to prevent endless Redis growth
- Add support for destroying project milestones (Stan Hu)
......
......@@ -6,7 +6,8 @@ Doorkeeper.configure do
# This block will be called to check whether the resource owner is authenticated or not.
resource_owner_authenticator do
# Put your resource owner authentication logic here.
# Example implementation:
# Ensure user is redirected to redirect_uri after login
session[:user_return_to] = request.fullpath
current_user || redirect_to(new_user_session_url)
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment