Redirect locked Group SSO users to SSO page instead of 500 error (!20329) · Merge requests · GitLab.org / GitLab

James Edwards-Jones requested to merge jej/fix-2fa-reset-with-group-sso into master Nov 18, 2019

What

Redirects locked users to the SSO page instead of generic sign in when accessed via Group SAML.

This avoids a 500 error caused by attempting to access a missing captcha_enabled? method that is not present in the OmniauthCallbacksController, and instead displays an account locked flash message.

Why

Users were getting a 500 error after incorrectly entering a 2FA code many times.

One part of solving #34998 (closed)

Next steps

The SSO page still redirects to generic sign in via route_not_found because the user is locked
Need to fix root cause of 2FA lockouts

Screenshots

Before	After

Acceptance criteria

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.

Edited Jan 28, 2020 by James Edwards-Jones

Redirect locked Group SSO users to SSO page instead of 500 error

What

Why

Next steps

Screenshots

Acceptance criteria

Availability and Testing

Merge request reports