Merge branch '198289-unable-to-sign-out-from-secondary-geo-node' into 'master'

Allow users to sign-out on a read-only instance See merge request gitlab-org/gitlab!23545

Merge branch '198289-unable-to-sign-out-from-secondary-geo-node' into 'master'
Allow users to sign-out on a read-only instance See merge request gitlab-org/gitlab!23545
e4eb5dce · Michael Kozono · dec0c7a9 · 352abacf · e4eb5dce · e4eb5dce
Commit e4eb5dce authored Jan 23, 2020 by Michael Kozono
3 changed files
--- a/changelogs/unreleased/198289-unable-to-sign-out-from-secondary-geo-node.yml
+++ b/changelogs/unreleased/198289-unable-to-sign-out-from-secondary-geo-node.yml
+---
+title: Allow users to sign out on a read-only instance
+merge_request: 23545
+author:
+type: fixed
--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -24,6 +24,10 @@ module Gitlab
          'projects/compare' => %w{create}
        }.freeze

+        WHITELISTED_LOGOUT_ROUTES = {
+          'sessions' => %w{destroy}
+        }.freeze
+
        GRAPHQL_URL = '/api/graphql'

        def initialize(app, env)
@@ -85,7 +89,7 @@ module Gitlab

        # Overridden in EE module
        def whitelisted_routes
-          grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || graphql_query?
+          grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || logout_route? || graphql_query?
        end

        def grack_route?
@@ -118,6 +122,13 @@ module Gitlab
          WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

+        def logout_route?
+          # Calling route_hash may be expensive. Only do it if we think there's a possible match
+          return false unless request.post? && request.path.end_with?('/users/sign_out')
+
+          WHITELISTED_LOGOUT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+        end
+
        def sidekiq_route?
          request.path.start_with?("#{relative_url}/admin/sidekiq")
        end

--- a/spec/features/users/logout_spec.rb
+++ b/spec/features/users/logout_spec.rb
@@ -21,4 +21,16 @@ describe 'Logout/Sign out', :js do

    expect(page).not_to have_selector('.flash-notice')
  end
+
+  context 'on a read-only instance' do
+    before do
+      allow(Gitlab::Database).to receive(:read_only?).and_return(true)
+    end
+
+    it 'sign out redirects to sign in page' do
+      gitlab_sign_out
+
+      expect(current_path).to eq new_user_session_path
+    end
+  end
 end