Commit 6e70e50b authored by Robert Speicher's avatar Robert Speicher

Merge branch 'sh-fix-issue-50210-oauth2' into 'master'

Fix logins via OAuth2 geting logged out in an hour

Closes #50210

See merge request gitlab-org/gitlab-ce!21144
parents 91bd5293 a7e2f96b
...@@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base ...@@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base
include EnforcesTwoFactorAuthentication include EnforcesTwoFactorAuthentication
include WithPerformanceBar include WithPerformanceBar
before_action :limit_unauthenticated_session_times
before_action :authenticate_sessionless_user! before_action :authenticate_sessionless_user!
before_action :authenticate_user! before_action :authenticate_user!
before_action :enforce_terms!, if: :should_enforce_terms? before_action :enforce_terms!, if: :should_enforce_terms?
...@@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base ...@@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base
around_action :set_locale around_action :set_locale
after_action :set_page_title_header, if: :json_request? after_action :set_page_title_header, if: :json_request?
after_action :limit_unauthenticated_session_times
protect_from_forgery with: :exception, prepend: true protect_from_forgery with: :exception, prepend: true
......
...@@ -162,6 +162,10 @@ describe ApplicationController do ...@@ -162,6 +162,10 @@ describe ApplicationController do
describe 'session expiration' do describe 'session expiration' do
controller(described_class) do controller(described_class) do
# The anonymous controller will report 401 and fail to run any actions.
# Normally, GitLab will just redirect you to sign in.
skip_before_action :authenticate_user!, only: :index
def index def index
render text: 'authenticated' render text: 'authenticated'
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment