From 13d9dd1a68358abed220797037ad3f45f2c02105 Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt <bob@vanlanduyt.co>
Date: Wed, 26 Jul 2017 11:57:05 +0200
Subject: Define ldap methods at runtime

This avoids loading the `OmniAuthCallbacksController` at boot time so
it doesn't mess up the `before_action`-chain
---
 app/controllers/omniauth_callbacks_controller.rb | 7 +++++++
 app/controllers/sessions_controller.rb           | 8 --------
 config/initializers/omniauth.rb                  | 5 -----
 3 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 323d5d26eb6..8cf3707db67 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -10,6 +10,13 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     end
   end
 
+  if Gitlab::LDAP::Config.enabled?
+    server = Gitlab.config.ldap.servers.values.first
+    define_method server['provider_name'] do
+      ldap
+    end
+  end
+
   # Extend the standard message generation to accept our custom exception
   def failure_message
     exception = env["omniauth.error"]
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 69513f4dadc..0e8a57f8e03 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -5,14 +5,6 @@ class SessionsController < Devise::SessionsController
 
   skip_before_action :check_two_factor_requirement, only: [:destroy]
 
-  # Explicitly call protect from forgery before anything else. Otherwise the
-  # CSFR-token might be cleared before authentication is done. This was the case
-  # when LDAP was enabled and the `OmniauthCallbacksController` is loaded
-  #
-  # *Note:* `prepend: true` is the default for rails4, but this will be changed
-  # to `prepend: false` in rails5.
-  protect_from_forgery prepend: true, with: :exception
-
   prepend_before_action :check_initial_setup, only: [:new]
   prepend_before_action :authenticate_with_two_factor,
     if: :two_factor_enabled?, only: [:create]
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index f7fa6d1c2de..d573de7bcea 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -4,11 +4,6 @@ if Gitlab::LDAP::Config.enabled?
     klass = server['provider_class']
     const_set(klass, Class.new(LDAP)) unless klass == 'LDAP'
   end
-
-  OmniauthCallbacksController.class_eval do
-    server = Gitlab.config.ldap.servers.values.first
-    alias_method server['provider_name'], :ldap
-  end
 end
 
 OmniAuth.config.full_host = Settings.gitlab['base_url']
-- 
cgit v1.2.1