Merge branch '11594-geo-redirect-after-authentication-prevents-access-to-secondary' into 'master'

Geo - Does not redirect user to the custom home page URL on a Geo secondary

Closes #11594

See merge request gitlab-org/gitlab-ee!13447

ee/app/controllers/ee/root_controller.rb

@@ -15,5 +15,17 @@ module EE
 
       super
     end
+
+    override :redirect_to_home_page_url?
+    def redirect_to_home_page_url?
+      # If a user is not signed-in and tries to access root_path on a Geo
+      # secondary node, redirects them to the sign-in page. Don't redirect
+      # to the custom home page URL if one is present. Otherwise, it
+      # will break the Geo OAuth workflow always redirecting the user to
+      # the Geo primary node, which prevents access to the secondary node.
+      return false if ::Gitlab::Geo.secondary?
+
+      super
+    end
   end
 end

ee/changelogs/unreleased/11594-geo-redirect-after-authentication-prevents-access-to-secondary.yml

+---
+title: Geo - Does not redirect user to the custom home page URL on a Geo secondary
+merge_request: 13447
+author:
+type: fixed

ee/spec/controllers/ee/root_controller_spec.rb

@@ -3,11 +3,67 @@
 require 'spec_helper'
 
 describe RootController do
-  describe 'GET index' do
+  include ::EE::GeoHelpers
+
+  describe 'GET #index' do
+    context 'when user is not logged in' do
+      context 'on a Geo primary node' do
+        set(:primary_node) { create(:geo_node, :primary) }
+
+        before do
+          stub_current_geo_node(primary_node)
+        end
+
+        it 'redirects to the sign-in page' do
+          get :index
+
+          expect(response).to redirect_to(new_user_session_path)
+        end
+
+        context 'when a custom home page URL is defined' do
+          before do
+            stub_application_setting(home_page_url: 'https://custom.gitlab.com/foo')
+          end
+
+          it 'redirects the user to the custom home page URL' do
+            get :index
+
+            expect(response).to redirect_to('https://custom.gitlab.com/foo')
+          end
+        end
+      end
+
+      context 'on a Geo secondary node' do
+        set(:secondary_node) { create(:geo_node) }
+
+        before do
+          stub_current_geo_node(secondary_node)
+        end
+
+        it 'redirects to the sign-in page' do
+          get :index
+
+          expect(response).to redirect_to(new_user_session_path)
+        end
+
+        context 'when a custom home page URL is defined' do
+          before do
+            stub_application_setting(home_page_url: 'https://custom.gitlab.com/foo')
+          end
+
+          it 'redirects to the sign-in page' do
+            get :index
+
+            expect(response).to redirect_to(new_user_session_path)
+          end
+        end
+      end
+    end
+
+    context 'with a user' do
       let(:user) { create(:user) }
 
       before do
-      stub_licensed_features(operations_dashboard: true)
         sign_in(user)
         allow(subject).to receive(:current_user).and_return(user)
       end
@@ -17,11 +73,17 @@ describe RootController do
           user.dashboard = 'operations'
         end
 
+        context 'when licensed' do
+          before do
+            stub_licensed_features(operations_dashboard: true)
+          end
+
           it 'redirects to operations dashboard' do
             get :index
 
             expect(response).to redirect_to operations_path
           end
+        end
 
         context 'when unlicensed' do
           before do
@@ -36,4 +98,5 @@ describe RootController do
         end
       end
     end
+  end
 end