Commit 82aa5419 authored by Stan Hu's avatar Stan Hu

Merge branch 'fix-infinite-redirect' into 'master'

Only redirect to homepage url when its not the root url

It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.

This fix makes sure this redirect is not possible.

Fixes #1020 

/cc @dblessing 

See merge request !1703
parents e59852c4 2dec5ec9
...@@ -59,14 +59,9 @@ class ApplicationController < ActionController::Base ...@@ -59,14 +59,9 @@ class ApplicationController < ActionController::Base
end end
def authenticate_user!(*args) def authenticate_user!(*args)
# If user is not signed-in and tries to access root_path - redirect him to landing page if redirect_to_home_page_url?
# Don't redirect to the default URL to prevent endless redirections
if current_application_settings.home_page_url.present? &&
current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/')
if current_user.nil? && root_path == request.path
redirect_to current_application_settings.home_page_url and return redirect_to current_application_settings.home_page_url and return
end end
end
super(*args) super(*args)
end end
...@@ -346,4 +341,17 @@ class ApplicationController < ActionController::Base ...@@ -346,4 +341,17 @@ class ApplicationController < ActionController::Base
def git_import_enabled? def git_import_enabled?
current_application_settings.import_sources.include?('git') current_application_settings.import_sources.include?('git')
end end
def redirect_to_home_page_url?
# If user is not signed-in and tries to access root_path - redirect him to landing page
# Don't redirect to the default URL to prevent endless redirections
return false unless current_application_settings.home_page_url.present?
home_page_url = current_application_settings.home_page_url.chomp('/')
root_urls = [Gitlab.config.gitlab['url'].chomp('/'), root_url.chomp('/')]
return false if root_urls.include?(home_page_url)
current_user.nil? && root_path == request.path
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment