• James Edwards-Jones's avatar
    Avoid 500 error for locked users on Group SSO · 695a5a58
    James Edwards-Jones authored
    What: Redirects locked users to the SSO page instead of generic sign
    in when accessed via Group SAML.
    
    This avoids a 500 error caused by attempting to access a missing
    captcha_enabled? method that is not present in the
    OmniauthCallbacksController, and instead displays an account locked
    flash message.
    
    Changes `locked_user_redirect` to display more accurate message
    when a user's account is locked.
    
    We also clear `session[otp_user_id]` to avoid future locked messages
    from assuming we are still trying to log in the previous user.
    
    Why: Users were getting a 500 error after incorrectly entering a 2FA
    code many times.
    695a5a58
saml_providers_spec.rb 9.88 KB