Fix infinite loop on saml login of a blocked user

Bob Van Landuyt requested to merge bvl-fix-failing-saml-for-blocked-user into master

What does this MR do and why?

When a blocked user tries to log in, they are immediately signed out again.

This in turn calls the before_logout callback in Warden. In that callback we try to log the activity for the blocked user in the BlockedUserTracker: https://gitlab.com/gitlab-org/gitlab/blob/e30d909d3f19511742d218da0b4bd2cecca8b7a2/config/initializers/warden.rb#L60

If a SystemHook was configured, this would also mean scheduling a job. Scheduling a job tries to get the current user from the context. For the OmniauthCallbacksController this would call current_user, which would try to sign the user in again.

The OmniauthCallbacksController is an ApplicationController, which has a #context_user method that uses #auth_user; #auth_user also exposes #current_user, but it has a safeguard to not call current_user multiple times.
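A constructed Ruby simulation of the cycle described above, added here as an illustration and not GitLab's code: the class and method names, the depth limit, and the unsafe/safe `context_user` split are all assumptions. The unsafe variant re-enters authentication from inside the logout hook and recurses; the safe variant only hands back a user that was already resolved.

```ruby
class LoopDetected < StandardError; end
User = Struct.new(:name, :blocked)
# Stand-in for a Warden/Devise session; names and the depth limit are assumptions.
class FakeSession
  MAX_DEPTH = 5
  attr_reader :user, :authentications

  def initialize(candidate, safe_context_user:)
    @candidate = candidate # the user OmniAuth would authenticate
    @safe_context_user = safe_context_user
    @user = nil
    @authentications = 0
  end

  # OmniAuth callback path: authenticate, then a Devise-style activatable
  # hook signs a blocked user straight back out.
  def authenticate!
    @authentications += 1
    raise LoopDetected, "sign-in/sign-out recursion" if @authentications > MAX_DEPTH
    @user = @candidate
    sign_out if @candidate.blocked
    @user
  end

  # Warden logout: the session is cleared, then the before_logout hook runs
  # (BlockedUserTracker -> schedule a job -> read the user from context).
  def sign_out
    @user = nil
    context_user
  end

  # Unsafe: fall through to current_user, which authenticates when nobody is
  # signed in and so re-enters the callback. Safe: only hand back a user that
  # was already resolved; never authenticate from inside a logout hook.
  def context_user
    @safe_context_user ? @user : current_user
  end
  def current_user
    @user || authenticate!
  end
end

# True when the blocked user ends up signed out without recursing.
def blocked_login_terminates?(safe_context_user:)
  s = FakeSession.new(User.new("blocked-user", true), safe_context_user: safe_context_user)
  s.authenticate!
  s.user.nil?
rescue LoopDetected
  false
end
```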

Fixes #344127 (closed)

Related !63303 (merged)

Edited by Bob Van Landuyt