Allow a user to sign out when on the terms page

Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.

By allowing all request to devise controllers, we avoid this problem.

app/controllers/application_controller.rb

@@ -13,8 +13,7 @@ class ApplicationController < ActionController::Base
 
   before_action :authenticate_sessionless_user!
   before_action :authenticate_user!
-  before_action :enforce_terms!, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms },
-                                 unless: :peek_request?
+  before_action :enforce_terms!, if: :should_enforce_terms?
   before_action :validate_user_service_ticket!
   before_action :check_password_expiration
   before_action :ldap_security_check
@@ -373,4 +372,10 @@ class ApplicationController < ActionController::Base
   def peek_request?
     request.path.start_with?('/-/peek')
   end
+
+  def should_enforce_terms?
+    return false unless Gitlab::CurrentSettings.current_application_settings.enforce_terms
+
+    !(peek_request? || devise_controller?)
+  end
 end

spec/features/users/terms_spec.rb

@@ -81,4 +81,22 @@ describe 'Users > Terms' do
       expect(find_field('issue_description').value).to eq("We don't want to lose what the user typed")
     end
   end
+
+  context 'when the terms are enforced' do
+    before do
+      enforce_terms
+    end
+
+    context 'signing out', :js do
+      it 'allows the user to sign out without a response' do
+        visit terms_path
+
+        find('.header-user-dropdown-toggle').click
+        click_link('Sign out')
+
+        expect(page).to have_content('Sign in')
+        expect(page).to have_content('Register')
+      end
+    end
+  end
 end