Commit c6ed2e6c authored by Michael Kozono's avatar Michael Kozono

Merge branch 'ag-fix-secondary-login' into 'master'

Fix secondary login in maintenance mode

See merge request gitlab-org/gitlab!51494
parents 03f535c8 20432a4f
......@@ -25,7 +25,8 @@ module EE
}.freeze
ALLOWLISTED_SIGN_IN_ROUTES = {
'sessions' => %w{create}
'sessions' => %w{create},
'oauth/tokens' => %w{create}
}.freeze
private
......@@ -90,7 +91,7 @@ module EE
end
def sign_in_route?
return unless request.post? && request.path.start_with?('/users/sign_in')
return unless request.post? && request.path.start_with?('/users/sign_in', '/oauth/token')
ALLOWLISTED_SIGN_IN_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
end
......
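Review bot: In `sign_in_route?`, the `start_with?('/users/sign_in', '/oauth/token')` test is only a prefix pre-filter, so the `ALLOWLISTED_SIGN_IN_ROUTES` lookup on `route_hash` is what actually limits which POSTs get through in maintenance mode, and neither place says so. The new `'oauth/tokens' => %w{create}` entry admits every POST that routes to that action; if the token endpoint serves more than the flow secondary login needs (not visible in this section), all of it becomes reachable while the instance is otherwise read-only. I would record that above the constant, e.g. `# Keyed by controller, not path: 'oauth/tokens' serves POST /oauth/token. Every request to an action listed here bypasses the maintenance-mode write block.` An exact comparison instead of a prefix would also narrow the first check, but whether that is safe depends on path forms (trailing slash, format suffix) handled outside these hunks. `sign_in_route?` begins and ends inside the second hunk; the module body continues outside both.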
......@@ -93,11 +93,18 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
end
end
it "expects a POST to /users/sign_in URL to be allowed" do
response = request.post('/users/sign_in')
where(:description, :path) do
'sign in route' | '/users/sign_in'
'oauth token route' | '/oauth/token'
end
with_them do
it "expects a POST to #{description} URL to be allowed" do
response = request.post(path)
expect(response).not_to be_redirect
expect(subject).not_to disallow_request
expect(response).not_to be_redirect
expect(subject).not_to disallow_request
end
end
end
end
......
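Review bot: The table added here covers only paths that must be allowed; nothing pins the other half of the new prefix check, that a POST under `/oauth/token` which does not resolve to `oauth/tokens#create` is still rejected in maintenance mode. A second table with an expectation of `expect(subject).to disallow_request` would catch a later widening of the allowlist, for example a row such as `'oauth token sub-path' | '/oauth/token/info'` (constructed example; pick a path the router actually recognises). The enclosing shared example starts outside this hunk, so the exact `subject` and `request` setup is not visible here.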