Commit c9ee5fb0 authored by Michael Kozono's avatar Michael Kozono

Merge branch '230688-geo-fix-oauth-redirect' into 'master'

Fix sign_in on secondary with relative URL

Closes #230688

See merge request gitlab-org/gitlab!37445
parents 7be826df 9b45644a
...@@ -14,7 +14,9 @@ module EE ...@@ -14,7 +14,9 @@ module EE
return super if signed_in? return super if signed_in?
if ::Gitlab::Geo.secondary_with_primary? if ::Gitlab::Geo.secondary_with_primary?
redirect_to oauth_geo_auth_url(host: GeoNode.current_node_url, state: geo_login_state.encode) current_node_uri = URI(GeoNode.current_node_url)
state = geo_login_state.encode
redirect_to oauth_geo_auth_url(host: current_node_uri.host, port: current_node_uri.port, state: state)
else else
super super
end end
......
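Review bot: The scheme of the redirect is still left to the request or the default URL options, while host and port now come from `GeoNode.current_node_url`; on the `redirect_to oauth_geo_auth_url(...)` line I would also pass `protocol: current_node_uri.scheme` so that the whole origin of the OAuth redirect is derived from configuration. `URI#port` returns the scheme's default port when the URL names none, so if the node URL is https but the request is seen as http (for instance behind a TLS-terminating proxy), the generated URL could plausibly come out as http with port 443; I have not confirmed how the route helper normalises that here. `URI(...)` also raises on a nil or malformed value, which presumably cannot happen if GeoNode validates its URL, but a short comment saying so would help. The enclosing method starts and ends outside the hunk.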
---
title: 'Geo: Fix sign in on secondary with relative URL'
merge_request: 37445
author:
type: fixed
...@@ -32,6 +32,18 @@ RSpec.describe SessionsController, :geo do ...@@ -32,6 +32,18 @@ RSpec.describe SessionsController, :geo do
end end
end end
context 'when relative URL is configured' do
before do
host = 'http://this.is.my.host/secondary-relative-url-part'
stub_config_setting(url: host, https: false)
stub_default_url_options(host: "this.is.my.host", script_name: '/secondary-relative-url-part')
request.headers['HOST'] = host
end
it_behaves_like 'a valid oauth authentication redirect'
end
context 'with a tampered HOST header' do context 'with a tampered HOST header' do
before do before do
request.headers['HOST'] = 'http://this.is.not.my.host' request.headers['HOST'] = 'http://this.is.not.my.host'
......
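Review bot: The new 'when relative URL is configured' context uses a URL on the default port, so the `port:` argument this commit adds to the redirect is never exercised with a non-default value. A sibling context with an explicit port in the configured URL, e.g. `host = 'http://this.is.my.host:8080/secondary-relative-url-part'` (a constructed value), would pin that behaviour. The `HOST` header is also set to a full URL including scheme and path, which is not what a real Host header carries; the existing tampered-header context does the same, so this is consistent, but a comment noting that it is deliberate would help. What the shared example 'a valid oauth authentication redirect' asserts is not visible in this hunk.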
...@@ -33,8 +33,8 @@ module StubConfiguration ...@@ -33,8 +33,8 @@ module StubConfiguration
allow(Gitlab.config).to receive_messages(to_settings(messages)) allow(Gitlab.config).to receive_messages(to_settings(messages))
end end
def stub_default_url_options(host: "localhost", protocol: "http") def stub_default_url_options(host: "localhost", protocol: "http", script_name: nil)
url_options = { host: host, protocol: protocol } url_options = { host: host, protocol: protocol, script_name: script_name }
allow(Rails.application.routes).to receive(:default_url_options).and_return(url_options) allow(Rails.application.routes).to receive(:default_url_options).and_return(url_options)
end end
......
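Review bot: With the new default, every existing caller of `stub_default_url_options` now stubs a hash that contains `script_name: nil`, not only the specs that opt in. That is probably harmless, but `url_options = { host: host, protocol: protocol, script_name: script_name }.compact` would keep the stubbed value identical to before for callers that do not pass `script_name`. The module continues outside the hunk.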