Commit a5cb2fe2 authored by Bob Van Landuyt's avatar Bob Van Landuyt

Allow a user to sign out when on the terms page

Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.

By allowing all request to devise controllers, we avoid this problem.
parent 35816eb7
......@@ -13,8 +13,7 @@ class ApplicationController < ActionController::Base
before_action :authenticate_sessionless_user!
before_action :authenticate_user!
before_action :enforce_terms!, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms },
unless: :peek_request?
before_action :enforce_terms!, if: :should_enforce_terms?
before_action :validate_user_service_ticket!
before_action :check_password_expiration
before_action :ldap_security_check
......@@ -373,4 +372,10 @@ class ApplicationController < ActionController::Base
def peek_request?
request.path.start_with?('/-/peek')
end
def should_enforce_terms?
return false unless Gitlab::CurrentSettings.current_application_settings.enforce_terms
!(peek_request? || devise_controller?)
end
end
......@@ -81,4 +81,22 @@ describe 'Users > Terms' do
expect(find_field('issue_description').value).to eq("We don't want to lose what the user typed")
end
end
context 'when the terms are enforced' do
before do
enforce_terms
end
context 'signing out', :js do
it 'allows the user to sign out without a response' do
visit terms_path
find('.header-user-dropdown-toggle').click
click_link('Sign out')
expect(page).to have_content('Sign in')
expect(page).to have_content('Register')
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment