Fix logins via OAuth2 geting logged out in an hour

Users without GitLab 2FA enabled would be logged out after an hour
due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700.

The OAuth2 controller sets the current_user after the controller is finished, so
we should only limit session times after this has been done.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210

app/controllers/application_controller.rb

@@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base
   include EnforcesTwoFactorAuthentication
   include WithPerformanceBar
 
-  before_action :limit_unauthenticated_session_times
   before_action :authenticate_sessionless_user!
   before_action :authenticate_user!
   before_action :enforce_terms!, if: :should_enforce_terms?
@@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base
   around_action :set_locale
 
   after_action :set_page_title_header, if: :json_request?
+  after_action :limit_unauthenticated_session_times
 
   protect_from_forgery with: :exception, prepend: true
 

spec/controllers/application_controller_spec.rb

@@ -162,6 +162,10 @@ describe ApplicationController do
 
   describe 'session expiration' do
     controller(described_class) do
+      # The anonymous controller will report 401 and fail to run any actions.
+      # Normally, GitLab will just redirect you to sign in.
+      skip_before_action :authenticate_user!, only: :index
+
       def index
         render text: 'authenticated'
       end