Allow SSO callbacks through maintenance mode (!73550) · Merge requests · GitLab.org / GitLab

Catalin Irimie requested to merge cat-allow-sso-through-maintenance-mode into master Nov 02, 2021

What does this MR do and why?

When using other authentication methods, like SSO, LDAP, the path and controllers are slightly different, as they redirect back to a callback handled by Omniauth.

This adds the specific routes and controller to the allowlist in the read-only middleware to allow them to go through.

Related to #329261 (closed)

How to set up and validate locally

You can enable LDAP and SAML using the GDK docs
Enable maintenance mode
Try to login using LDAP, SAML, notice the maintenance mode read-only error
Checkout this branch, try to login and it should work as expected

I've personally patched this code on a GET setup where I've tested in the context of #343804 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Allow SSO callbacks through maintenance mode

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports