Commit 4eb9d6a9 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Do not implicitly authenticate user during session creation

parent 2b05562c
......@@ -131,7 +131,11 @@ class ApplicationController < ActionController::Base
# that is going to invoke warden callbacks, so we use Warden directly here.
#
def auth_user
if warden.authenticated?(:user)
# TODO improve that
#
return if controller_name == 'sessions' && action_name == 'create'
if user_signed_in?
current_user
else
try(:authenticated_user)
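Review bot: The early return `return if controller_name == 'sessions' && action_name == 'create'` keys on `controller_name`, which Rails derives from the class name without its namespace, so a `SessionsController` in any module would skip `auth_user` on `create`, not only the sign-in endpoint. Comparing `controller_path` instead, or overriding `auth_user` in the sessions controller itself, would keep the exemption scoped to the one action it is meant for. The `# TODO improve that` comment should give the reason instead, e.g. `# Resolving the user here would authenticate through Warden before the sign-in action runs; skip it for session creation.` (inferred from the commit title, so confirm the wording). The page has lost its +/- markers, so it is unclear whether `if warden.authenticated?(:user)` or `if user_signed_in?` is the new condition; if it is the latter, the header comment ending "so we use Warden directly here" is stale. The body of `auth_user` continues past the end of the hunk.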
......
......@@ -34,7 +34,7 @@ Rails.application.configure do |config|
if user.blocked?
Gitlab::Auth::Activity.new(opts).user_blocked!
BlockedUserTracker.new(user, auth).log_blocked_user_activity!
Gitlab::Auth::BlockedUserTracker.new(user, auth).log_blocked_user_activity!
end
Gitlab::Auth::Activity.new(opts).user_session_destroyed!
......