Commit 99ea3271 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'fix-endless-redirect' into 'master'

Fix endless redirections when accessing user OAuth applications when they are disabled

## What does this MR do?

This MR fixes a bug where the browser would be redirect endlessly when attempting to access the user's OAuth applications when an admin has disabled this system-wide setting.

## Are there points in the code the reviewer needs to double check?

I assume disabling the nav button is better than showing a page that says, "OAuth applications are disabled by the admin."

## Why was this MR needed?

Lots of users were confused when they hit endless redirect errors.

## What are the relevant issue numbers?

#14770 

See merge request !4525
parents 8d6c4b30 3b50d96b
......@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.9.0 (unreleased)
- Bulk assign/unassign labels to issues.
- Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
- Fix endless redirections when accessing user OAuth applications when they are disabled
- Allow enabling wiki page events from Webhook management UI
- Bump rouge to 1.11.0
- Make EmailsOnPushWorker use Sidekiq mailers queue
......
......@@ -32,7 +32,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
def verify_user_oauth_applications_enabled
return if current_application_settings.user_oauth_applications?
redirect_to applications_profile_url
redirect_to profile_path
end
def set_index_vars
......
......@@ -10,6 +10,7 @@
= icon('gear fw')
%span
Account
- if current_application_settings.user_oauth_applications?
= nav_link(controller: 'oauth/applications') do
= link_to applications_profile_path, title: 'Applications' do
= icon('cloud fw')
......
require 'spec_helper'
describe Oauth::ApplicationsController do
let(:user) { create(:user) }
context 'project members' do
before do
sign_in(user)
end
describe 'GET #index' do
it 'shows list of applications' do
get :index
expect(response.status).to eq(200)
end
it 'redirects back to profile page if OAuth applications are disabled' do
settings = double(user_oauth_applications?: false)
allow_any_instance_of(Gitlab::CurrentSettings).to receive(:current_application_settings).and_return(settings)
get :index
expect(response.status).to eq(302)
expect(response).to redirect_to(profile_path)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment