Add a feature flag for redirecting unknown-format requests

c6ed8073 · Nick Thomas · 675fe4fe · c6ed8073 · c6ed8073
Commit c6ed8073 authored Sep 12, 2019 by Nick Thomas
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

lib/gitlab/devise_failure.rb lib/gitlab/devise_failure.rb +2 -0

spec/controllers/application_controller_spec.rb spec/controllers/application_controller_spec.rb +13 -3

No files found.
--- a/lib/gitlab/devise_failure.rb
+++ b/lib/gitlab/devise_failure.rb
@@ -5,6 +5,8 @@ module Gitlab
    # If the request format is not known, send a redirect instead of a 401
    # response, since this is the outcome we're most likely to want
    def http_auth?
+      return super unless Feature.enabled?(:devise_redirect_unknown_formats, default_enabled: true)
+
      request_format && super
    end
  end

--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -191,10 +191,20 @@ describe ApplicationController do
      expect(response).to redirect_to new_user_session_path
    end

-    it 'redirects if unauthenticated and request format is unknown' do
-      get :index, format: 'unknown'
+    context 'request format is unknown' do
+      it 'redirects if unauthenticated' do
+        get :index, format: 'unknown'

-      expect(response).to redirect_to new_user_session_path
+        expect(response).to redirect_to new_user_session_path
+      end
+
+      it 'returns a 401 if the feature flag is disabled' do
+        stub_feature_flags(devise_redirect_unknown_formats: false)
+
+        get :index, format: 'unknown'
+
+        expect(response).to have_gitlab_http_status(401)
+      end
    end
  end