From a7e2f96b59035fd4628a047370c87400e16a4b63 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Fri, 10 Aug 2018 12:15:06 -0700
Subject: Fix logins via OAuth2 geting logged out in an hour

Users without GitLab 2FA enabled would be logged out after an hour due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700. The OAuth2 controller sets the current_user after the controller is finished, so we should only limit session times after this has been done. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210
---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 05ed3669a41..e5b38898a67 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base
 include EnforcesTwoFactorAuthentication
 include WithPerformanceBar
- before_action :limit_unauthenticated_session_times
 before_action :authenticate_sessionless_user!
 before_action :authenticate_user!
 before_action :enforce_terms!, if: :should_enforce_terms?
@@ -27,6 +26,7 @@ class ApplicationController < ActionController::Base
 around_action :set_locale
 after_action :set_page_title_header, if: :json_request?
+ after_action :limit_unauthenticated_session_times
 protect_from_forgery with: :exception, prepend: true
--
cgit v1.2.1
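Review bot: Registering `limit_unauthenticated_session_times` as an `after_action` in the second hunk means it no longer runs on every request, because Rails skips after callbacks when a `before_action` halts the chain or the action raises. Requests turned away by `authenticate_user!` would then presumably keep the default session lifetime; the method body is outside the hunk, so whether that weakens the limit needs confirming against what it is meant to bound. The commit changes one file and adds no test, so a request spec for the OAuth2 login path and one for a halted unauthenticated request would pin both behaviours. The ordering constraint should also be recorded at the call site, e.g. `# Runs after the action because OAuth2 logins set current_user late; skipped when the chain halts or raises.` above the new line.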