Commit caac73c8 authored by Rémy Coutable

Merge branch 'sh-guard-against-ldap-login-csrf-fail' into 'master'

Guard against a login attempt with invalid CSRF token

See merge request gitlab-org/gitlab-ce!21934
parents 98a14fb6 027c3264
---
title: Guard against a login attempt with invalid CSRF token
merge_request: 21934
author:
type: fixed
...@@ -31,6 +31,11 @@ Rails.application.configure do |config| ...@@ -31,6 +31,11 @@ Rails.application.configure do |config|
Warden::Manager.before_logout(scope: :user) do |user, auth, opts| Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
user ||= auth.user user ||= auth.user
# Rails CSRF protection may attempt to log out a user before that
# user even logs in
next unless user
activity = Gitlab::Auth::Activity.new(opts) activity = Gitlab::Auth::Activity.new(opts)
tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth) tracker = Gitlab::Auth::BlockedUserTracker.new(user, auth)
......
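Review bot: The new `next unless user` guard in the `before_logout` callback returns silently, so the case the comment describes (CSRF protection triggering a logout before any user has logged in) skips the rest of the callback, starting with the `Gitlab::Auth::Activity` and `Gitlab::Auth::BlockedUserTracker` setup, and leaves no trace. Consider recording or logging that a logout was requested with no user present, so a burst of login attempts with invalid CSRF tokens stays visible to operators. The comment could also state that `user` is still nil after the `auth.user` fallback, since that is the exact condition the guard relies on. If a spec is not already part of the merge request, one that runs this callback with a nil user and a nil `auth.user` would pin the behaviour down.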