• Stan Hu's avatar
    Fix 500 error when unconfirmed OAuth2 user with 2FA logs in · f2883f40
    Stan Hu authored
    When a user with two-factor auth enabled attempts to use an OAuth2
    provider to sign-in, the user would see a 500 error without explanation
    why. This occurred because the failure case in
    OmniauthCallbacksController was attempting to render the partial of the
    new session, but the CAPTCHA helpers are only defined for
    SessionsController, not for this one.
    
    To fix this problem, redirect the page with the alert to the sign-in
    page and display a flash alert with a notice about an unconfirmed
    e-mail. The redirection also cleans up the URL so that the page doesn't
    look like it starts from an Omniauth callback.
    
    Closes https://gitlab.com/gitlab-org/gitlab/-/issues/232611
    f2883f40
omniauth_callbacks_controller_spec.rb 15.2 KB