Merge branch 'bvl-fix-failing-saml-for-blocked-user' into 'master'

Fix infinite loop on saml login of a blocked user

See merge request gitlab-org/gitlab!75887

app/controllers/omniauth_callbacks_controller.rb

@@ -162,6 +162,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     user = auth_user.find_and_update!
 
     if auth_user.valid_sign_in?
+      # In this case the `#current_user` would not be set. So we can't fetch it
+      # from that in `#context_user`. Pushing it manually here makes the information
+      # available in the logs for this request.
+      Gitlab::ApplicationContext.push(user: user)
       log_audit_event(user, with: oauth['provider'])
 
       set_remember_me(user)
@@ -287,10 +291,6 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def fail_admin_mode_invalid_credentials
     redirect_to new_admin_session_path, alert: _('Invalid login or password')
   end
-
-  def context_user
-    current_user
-  end
 end
 
 OmniauthCallbacksController.prepend_mod_with('OmniauthCallbacksController')

spec/controllers/omniauth_callbacks_controller_spec.rb

@@ -479,6 +479,19 @@ RSpec.describe OmniauthCallbacksController, type: :controller do
         post :saml, params: { SAMLResponse: mock_saml_response }
       end
     end
+
+    context 'with a blocked user trying to log in when there are hooks set up' do
+      let(:user) { create(:omniauth_user, extern_uid: 'my-uid', provider: 'saml') }
+
+      subject(:post_action) { post :saml, params: { SAMLResponse: mock_saml_response } }
+
+      before do
+        create(:system_hook)
+        user.block!
+      end
+
+      it { expect { post_action }.not_to raise_error }
+    end
   end
 
   describe 'enable admin mode' do