Commit 4eb9d6a9 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Do not implicitly authenticate user during session creation

parent 2b05562c
...@@ -131,7 +131,11 @@ class ApplicationController < ActionController::Base ...@@ -131,7 +131,11 @@ class ApplicationController < ActionController::Base
# that is going to invoke warden callbacks, so we use Warden directly here. # that is going to invoke warden callbacks, so we use Warden directly here.
# #
def auth_user def auth_user
if warden.authenticated?(:user) # TODO improve that
#
return if controller_name == 'sessions' && action_name == 'create'
if user_signed_in?
current_user current_user
else else
try(:authenticated_user) try(:authenticated_user)
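Review bot: The new guard in `auth_user`, `return if controller_name == 'sessions' && action_name == 'create'`, matches on `controller_name`, which Rails reports without its namespace. Any controller named `sessions` that inherits from ApplicationController would therefore return nil on `create`, not only the sign-in endpoint. Comparing `controller_path`, or overriding `auth_user` in the sessions controller itself, would scope the exception to the one action it is meant for. As rendered, the new side also appears to swap `warden.authenticated?(:user)` for `user_signed_in?`, while the comment kept above still says "so we use Warden directly here". That comment and the `# TODO improve that` placeholder would be better replaced by one stating the reason, e.g. `# Skip on sessions#create: user_signed_in? would presumably run Warden authentication before the action does`. The method body continues past the end of the hunk.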
......
...@@ -34,7 +34,7 @@ Rails.application.configure do |config| ...@@ -34,7 +34,7 @@ Rails.application.configure do |config|
if user.blocked? if user.blocked?
Gitlab::Auth::Activity.new(opts).user_blocked! Gitlab::Auth::Activity.new(opts).user_blocked!
BlockedUserTracker.new(user, auth).log_blocked_user_activity! Gitlab::Auth::BlockedUserTracker.new(user, auth).log_blocked_user_activity!
end end
Gitlab::Auth::Activity.new(opts).user_session_destroyed! Gitlab::Auth::Activity.new(opts).user_session_destroyed!
......