Commit e055bbca authored by Yorick Peterse's avatar Yorick Peterse

Merge branch 'security-fix-new-issues-login-message' into 'master'

[master] Use common error for not logged in users when creating issues

Closes #2772

See merge request gitlab/gitlabhq!2787
parents 46ba1801 b5a06d29
...@@ -19,7 +19,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -19,7 +19,7 @@ class Projects::IssuesController < Projects::ApplicationController
prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) } prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) } prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) }
prepend_before_action :authenticate_new_issue!, only: [:new] prepend_before_action :authenticate_user!, only: [:new]
prepend_before_action :store_uri, only: [:new, :show] prepend_before_action :store_uri, only: [:new, :show]
before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update] before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update]
...@@ -245,14 +245,6 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -245,14 +245,6 @@ class Projects::IssuesController < Projects::ApplicationController
] + [{ label_ids: [], assignee_ids: [] }] ] + [{ label_ids: [], assignee_ids: [] }]
end end
def authenticate_new_issue!
return if current_user
notice = "Please sign in to create the new issue."
redirect_to new_user_session_path, notice: notice
end
def store_uri def store_uri
if request.get? && !request.xhr? if request.get? && !request.xhr?
store_location_for :user, request.fullpath store_location_for :user, request.fullpath
......
---
title: Use common error for unauthenticated users when creating issues
merge_request:
author:
type: security
...@@ -131,7 +131,7 @@ describe Projects::IssuesController do ...@@ -131,7 +131,7 @@ describe Projects::IssuesController do
it 'redirects to signin if not logged in' do it 'redirects to signin if not logged in' do
get :new, params: { namespace_id: project.namespace, project_id: project } get :new, params: { namespace_id: project.namespace, project_id: project }
expect(flash[:notice]).to eq 'Please sign in to create the new issue.' expect(flash[:alert]).to eq 'You need to sign in or sign up before continuing.'
expect(response).to redirect_to(new_user_session_path) expect(response).to redirect_to(new_user_session_path)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment